SMEs: 7 steps to improving your cybersecurity in 2023

Cybersecurity is something no business can afford to ignore – especially with attacks on the rise. The good news is that there are some key steps you can take to lower the risk of your business falling victim to a successful attack and, at the very least, to help limit any potential damage or disruption.

 While the best possible protection will always come from seeking the support of a cybersecurity specialist, such as our team here at Dragon IS, there are actions you can take in-house.

 Here are 7 ways to boost cybersecurity when you’re a small business.


  1. Regularly and securely back up your data in the cloud

What would the impact be on your business if you were locked out of your data (or worse still, ended up losing it) for any amount of time?

For most businesses, this would be a serious problem. Which is why backing up business data is so important, as it’s a vital step for ensuring business continuity.

Not only does backing up make good business sense (just imagine the consequences of losing all of the information your business holds as a result of theft or fire), but it also protects you from being exploited by ransomware and malware attacks executed by cybercriminals.

With your data safely copied across to a remote data cloud or an off-site server you’ll be able to access the information anytime, anyplace, and have a back-up you can quickly reinstate should the original data files become lost, stolen, or in any other way compromised.


  2. Install strong anti-virus protection

Viruses are a popular method used by cybercriminals who will seek to infect your business systems and then harvest the data you store. An attack of this nature puts small businesses in an extremely vulnerable position and also risks reputational damage and even a fine under General Data Protection Rules (GDPR).

 Installing high quality anti-virus software can help lower the risk. Programmes of this nature will work in the background, silently protecting your business from virus predators while you get on with the day-to-day job at hand.

 Having this type of virus protection in place offers you the reassurance that your computer hardware and drives are being systematically scanned and vetted for malicious nasties, leaving you free to concentrate on running your business.

 However, we would never advise you to rely solely on anti-virus software, as products available on the high street vary wildly in quality, and even the best are limited in what they can do. Criminals are also constantly working on ways to get past these types of ‘off the shelf’ defences.


  3. Keep your software updated

Another cyber security best practice (and one that won’t cost you a thing) is to ensure all of the apps, programs and software your business relies on are always up-to-date and running the latest available version.

 Developers frequently release system updates whenever a new cybersecurity threat is identified or to combat issues with the software that could put its users at risk. More often than not, updates of this nature are specifically designed to counter known security breaches that have come to light as a result of cybercrime.

 For this reason, it’s important not to ignore any prompts you receive to update your system software in real time. It’s also worthwhile getting into the habit of regularly doing a sweep to see if any new system updates are available for the IT programs and apps your business uses across its devices and networks, to ensure you’re always protected from the latest viruses and malware.


  4. Purge weak passwords

Despite the growing cyber threat and greater awareness of the risks, many people are still using notoriously weak passwords. Nearly 5 million people around the world have “password” as their password, with 18 of the 20 most popular passwords capable of being guessed in under one second.

For businesses, one way to help ensure employees are using strong passwords is to introduce a password policy and to invest in an active education program. You can also introduce a password manager tool, to make it easier for employees to use more complex passwords, as they won’t need to try and remember them. They are locked away in a highly secure online ‘vault’.

Here are some other best practice points for passwords:

  • Require passwords to include digits, uppercase and lowercase letters and special characters
  • Don’t let users reuse old passwords by changing a single character or two
  • Block the use of easy to guess and common passwords, such as ones that are based on the person’s name
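The three points above can be enforced automatically when a user changes their password. The following is an added example, not code from this article or from any particular product; the function names, the two-character similarity threshold and the short blocklist are assumptions, and the check assumes the user has just typed in their current password so it can be compared.

```python
import string

# Constructed sample blocklist; a real deployment would load a much larger list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # drop a character
                           cur[j - 1] + 1,              # add a character
                           prev[j - 1] + (ca != cb)))   # swap a character
        prev = cur
    return prev[-1]

def policy_violations(candidate, current_password, user_names):
    """Return a list of the policy points the candidate password breaks."""
    problems = []
    classes = {
        "digit": string.digits,
        "uppercase letter": string.ascii_uppercase,
        "lowercase letter": string.ascii_lowercase,
        "special character": string.punctuation,
    }
    for label, chars in classes.items():
        if not any(c in chars for c in candidate):
            problems.append(f"missing {label}")
    # "Changing a single character or two" means an edit distance of 2 or less.
    if edit_distance(candidate.lower(), current_password.lower()) <= 2:
        problems.append("too similar to current password")
    lowered = candidate.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("common password")
    # Ignore very short names to avoid flagging accidental matches.
    if any(n.lower() in lowered for n in user_names if len(n) >= 3):
        problems.append("contains user's name")
    return problems
```

An empty list means the new password passes all three points; anything else can be shown to the user as the reason for rejection.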


  5. Enable two-factor authentication

Hacking passwords has long been a popular way for cybercriminals to gain access to sensitive business information, which is why you should always adopt two-factor authentication methods wherever possible. This may typically mean you have to enter a code that is texted to your phone within a short amount of time, to confirm it is you attempting to gain access.

 Enabling two-factor authentication on your systems adds an extra layer of cybersecurity that makes it extremely difficult for cybercriminals to penetrate. Where this method isn’t available, you should adopt best practice behaviours to keep your password protected systems secure.


  6. Step up your efforts against phishing

Phishing scams are a common method used by cybercriminals, who will send out emails and messages that appear to be from a legitimate organization, or even a work colleague, supplier or customer.

 While some email firewalls will recognise a bogus email and intercept it, many phishing scams succeed in bypassing cybersecurity because they are of a convincingly genuine nature. They may, for example, have just one letter changed from a legitimate email address. Something that can be very hard to spot if you’re not looking out for scams.

 The best advice when it comes to any email (and indeed text or WhatsApp message) – but especially ones that are encouraging you to click on a link, login to a form, or change invoice payment details, is to question its authenticity.

 Firstly, check the sender’s email address – does it look right? Look at the branding and the way it’s written: does it sound and look like the organisation it’s purporting to be from?
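The "one letter changed" trick described above is hard to spot by eye but easy to check mechanically. The following is an added example, not code from this article; the trusted domain list is a constructed placeholder and the function names are assumptions. It flags any sender whose domain is exactly one character away from a domain the business genuinely deals with.

```python
from email.utils import parseaddr

# Constructed allow-list: domains this business genuinely corresponds with.
TRUSTED_DOMAINS = {"example-supplier.co.uk", "examplebank.com"}

def one_edit_apart(a, b):
    """True if a and b differ by exactly one swapped, added or dropped character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # make a the shorter (or equal) string
    i = 0
    while i < len(a) and a[i] == b[i]:   # skip the matching prefix
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]    # one character swapped
    return a[i:] == b[i + 1:]            # one character added or dropped

def classify_sender(from_header):
    """Classify a From: header as trusted, lookalike, unknown or invalid."""
    _, address = parseaddr(from_header)  # strips the display name
    if "@" not in address:
        return ("invalid", None)
    domain = address.rsplit("@", 1)[1].lower()
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain)
    for trusted in TRUSTED_DOMAINS:
        if one_edit_apart(domain, trusted):
            return ("lookalike", trusted)  # report which domain is being imitated
    return ("unknown", None)
```

A "lookalike" result is a strong reason to quarantine the message or verify the request with the real organisation by phone before acting on it.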

 Pausing to make these checks is essential. While technology will be able to help block most phishing emails, it will never be 100%. Educating your employees about phishing scams and conducting regular spot checks is your best defence here.


  7. Engage in regular training

As touched on above, one highly recommended course of action, when it comes to small business cybersecurity, is to invest in training and regular refreshers.

Awareness and education are intrinsic to cybersecurity and best practice use of IT, and a professional cybersecurity course is the perfect way to ensure everyone in your organisation is engaged and on the same page, when it comes to keeping your business safe online.


In need of expert cybersecurity support?

 For more information about cybersecurity and IT support for your small business, contact the Dragon IS team on 0330 363 0055 or email

