You’re Not Too Small to Be a Victim: The Obvious IT Security Fails Small Businesses Can Avoid



IT security absolutely must become a higher priority in smaller businesses.

According to Government figures, 39% of small businesses think they are too small to worry about cyber security.

But they’re not.

Don’t wait for your files or systems to be breached, locked, corrupted or destroyed by a virus, or for your data to be stolen, before you give IT security the priority it needs.


The good news is that the Government also says that up to around 80% of cyber-attacks could be prevented just by putting some simple cyber security controls in place.

There’s an opportunity for small businesses here too: by demonstrating that you take cyber security seriously, you can build trust in your processes, operations, and brand.

And this greater trust stretches not only to your customers but to all your suppliers and stakeholders too!

Security as a Source of Competitive Advantage

Because most small businesses don’t take security seriously enough, demonstrating that you have the people, processes, and technology in place to prevent the majority of obvious cyber-attacks and manage data properly gives you a lead on your competition.

In some industries, demonstrating good data management and IT Security is vital if you are going to secure contracts. And, as customers become more familiar with the implications of the new General Data Protection Regulation (GDPR), good data management is likely to move higher up the Boardroom agenda.

ISO 27001 is the international standard for information security. It requires organisations to develop an Information Security Management System which identifies information assets, assesses their risks, defines acceptable risk levels, and works to mitigate the risk.

The UK Government has launched a less onerous and more practical certification for small businesses: the Cyber Essentials certification.

As well as helping you identify risks and how they can be mitigated, this scheme gives you the right to advertise that you meet a Government-endorsed IT Security standard – ideal for demonstrating good security practice.

As part of our small business IT services, Grant McGregor can help you gain this certification; we offer a range of Cyber Essentials services to help you develop your understanding and gain the accreditation.

What Are the Easy Fails Small Businesses Can Avoid?

As well as providing a source of competitive advantage, the Cyber Essentials certification process helps you to ensure that your business doesn’t fall victim to one of the easily preventable cyber-attacks that could paralyse your business, damage your customer relationships, and do untold damage to your brand reputation.

This includes the most common mistakes that small businesses make when they don’t dedicate enough time to IT security. If 80% of attacks could be easily prevented, we know that just a small amount of planning can mitigate a huge amount of business risk.

These errors include:

• Not installing appropriate professional-quality anti-virus software on all PCs and tablets – this doesn’t have to be expensive or onerous; there are good solutions available that don’t cost the earth.

• Not updating anti-virus regularly. Anti-virus software security updates are released regularly in response to new and emerging viruses and threats; it’s vital that you update your anti-virus software with the latest security updates, so that you are properly protected from the latest threats.

• Running out-of-date software. Cyber attackers frequently exploit known security weaknesses in common software applications. The software manufacturers work to fix these vulnerabilities as they become known and will release patches and updates for their software on a regular basis, designed to close the vulnerabilities hackers and viruses seek to exploit. Update your software regularly if you want to ensure you have the best protection against attack. Better still, use a managed patching service to do this for you.

• Running out-of-date operating systems. Ditto with your operating systems. When Microsoft stops supporting a platform, it no longer provides the vital security patches you need to protect against the latest threats – this leaves you vulnerable. Stay informed about when you need to upgrade. Notice periods are long – so you have plenty of time to act. Use this time wisely: speak with your software vendors and make sure they will support your transition to the new operating system. And make sure you upgrade.

• Failing to have backups. If the worst happens, you need to restore your files. And quickly! Always back up all your data and systems – make this an essential part of your daily processes. And, if you automate this process, keep your backup software up to date too.

• Security isn’t only about technology and processes. It’s also about people – don’t overlook this vital factor. Make sure everyone is aware of the dangers and what to look out for. Educate staff about phishing, spear phishing, clicking on links, installing non-approved software or (especially) freeware, bringing in new devices, and the risks involved in not keeping a tight control on data (especially customer data).

• Restrict what staff can freely do on their PCs. Not having the rights to install software may be a nuisance for them, but it is better than them unwittingly installing malware, key-logging software or other dangerous tools used by cyber criminals.

• Not asking for help when you need it. There is a lot of advice available, along with Government resources and specialist advisors who can help you apply this advice and good practice to your small business. Don’t muddle along and leave yourself exposed to unnecessary risk, when you could easily ask for practical help.

These are just some of the basics – the things that will prevent you falling victim to 80% of attacks.

There are others, such as secure firewalls and strong configurations, that will ensure you’re following best practices with IT Security.

If you’re doing these things, you are not only protecting your business operation and reputation, you’re also well on the way to achieving a Cyber Essentials accreditation.

Wherever you feel your business is in terms of Cyber Essentials, we recommend you go for this accreditation. Not only to help you understand and mitigate IT security risks – but as an opportunity to transform IT security from a business risk into an important source of competitive advantage.


For more information about the Cyber Essentials scheme, speak with one of our Grant McGregor Cyber Essentials consultants today, by calling: 0808 164 4142.



