SMEs: 7 steps to staying cybersecure in 2024

The start of any new year is always a great time for businesses to review, assess and enhance their IT infrastructure – to ensure systems and processes are fully aligned with company goals.

Cybersecurity should form a core part of this review, as it is one of the biggest challenges facing teams today. It’s a threat that continues to grow, which means no business can afford to take its foot off the gas when it comes to its cybersecurity defences.


What is the current cyber threat facing businesses?

According to the Cyber Security Breaches Survey 2023, around a third of businesses (32%) and a quarter of charities (24%) experienced a cyber security breach or attack in the last 12 months.

By far the most common type of attack was phishing (79%), along with impersonation (31%) and viruses, spyware and malware (11%). Typical examples include staff receiving fraudulent emails or being directed to fraudulent websites.


What steps can businesses take to lower their risk?


  1. Prioritise employee training and cyber awareness

The weakest link in any business’s security system is its employees. Whether it’s clicking on a bad link or being tricked into handing over sensitive data, human error is the leading cause of successful cyberattacks.

As well as implementing technology and processes that can help reduce the risk, in the coming year, make employee training and awareness a priority. This training should include employees of all levels and cover the latest phishing techniques, social engineering tactics, and best practices for password management.

Running regular awareness programmes can empower employees to recognise and report potential threats. It can also help them to develop a ‘challenge’ mindset that sees them think about and question any comms they receive that ask for sensitive information.


  2. Implement Multi-Factor Authentication

Passwords alone are no longer sufficient to protect sensitive data. Implementing multi-factor authentication adds an additional layer of security by requiring users to verify their identity through multiple means, such as a password and a unique code sent to their mobile device.

This extra step can significantly reduce the risk of unauthorised access, especially if credentials are compromised.

Businesses can strengthen this process even further by making it compulsory for employees to use only company-issued laptops and PCs (which will naturally include the security measures currently used by the company), and to verify their identity when logging in using only a company-issued mobile phone. This means that the devices used will always be fully protected, and it also reduces the risk of spreading viruses and malware that could be picked up on personal devices.


  3. Conduct regular security audits

As the cyber threat is always evolving, it is important for businesses to regularly review their defences. Undertaking regular security audits can help identify potential vulnerabilities and weaknesses in the systems that attackers might be able to exploit.

Be proactive in finding and addressing any issues.


  4. Update and patch systems regularly

The phrase ‘security patches’ refers to updates that software companies release to address a number of issues: to fix security vulnerabilities within programs and products, to fix performance bugs, and to provide enhanced security features.

Outdated software and unpatched systems are prime targets for cybercriminals. Businesses need to ensure they are keeping all software, including operating systems and applications, up to date with the latest patches. Regular updates help eliminate known vulnerabilities and can protect against malware and other security threats.


  5. Back up critical data

Ransomware attacks are on the rise. This type of attack sees cyber criminals infiltrating systems and using malware to prevent businesses from operating. Computers may be locked, and data may be stolen, deleted or encrypted.

To mitigate the impact of such attacks – and to reduce the impact of other unexpected events that may befall the business – it’s important to make regular back-ups of critical data that are stored securely. That way, were the worst to happen, any potential service disruption could be minimised and reputations protected.

We can help with this! Contact our team to find out more.


  6. Make sure you have an Incident Response Plan

No organisation is immune to security incidents, and in today’s world a cyberattack is likely a case of ‘when’, not ‘if’, so having a well-defined incident response plan in place is crucial.

Your plan should outline the steps the business will take in the event of a security breach. It should include core steps such as how you will monitor for and identify any incidents, how you will contain the damage, how you will investigate the root cause, and who you will need to notify.


  7. Seek the support of an expert

As mentioned, the cyber threat facing businesses is constantly changing and becoming more and more sophisticated, especially as AI capabilities evolve. Working with an expert in the field, such as our team here at Dragon IS, can help ensure you are always on top of things.

Not only are we fully across all threats but we are passionate about technology and helping our customers make the most of it, to support their business goals.

We also pride ourselves on being a people-centric, jargon-free company and we know our customers really appreciate that. (They stick with us, so we must be doing something right!)


Call us today for a no-obligation chat about your current IT challenges and how we may be able to assist you. You can reach us on 0330 363 0055 or by emailing