10 Cyber security tips for SMEs

Although organisations of all sizes are targeted by cyber criminals, small and medium-sized enterprises (SMEs) have become the preferred target. Part of the issue SMEs face is a lack of resources and depth of expertise. They simply do not have the time, money, or dedicated staff to stay ahead of these attacks.

Staying on top of your cyber security needs, to protect your intellectual property and minimise the frequency of data breaches, can be daunting. The other part of the issue is perception. Most SMEs don't see themselves as being at the same risk level as their enterprise counterparts because they believe their data isn't as valuable, yet they can also be a foothold for attackers to gain access up the supply chain to larger organisations.

According to the latest research (Hiscox, Department for Digital, Culture, Media and Sport):

- Around a third (32%) of businesses report having cyber security breaches or attacks in the last 12 months.
- In 30% of cases, this resulted in a negative outcome, such as a loss of data or assets.
- More than 60% of firms have reported one or more attacks - up from 45% in 2018.
- The percentage of firms scoring top marks on cyber security had fallen, with UK organisations doing particularly badly.
- Only 27% (under three in ten) of businesses have a formal cyber security policy or policies.

SMEs need to take their security priorities seriously and get back to some of the basics of cyber security.

1. Lock down administrator privileges

One advantage SMEs have is the relatively small number of privileged accounts they need to manage and audit. Make it part of your weekly routine to look at who has admin privileges and shut down access for anyone who shouldn't have full permissions to these accounts.

2. Don't overlook cloud security

If you're like most SMEs, you're probably already running an element of your business from the cloud, whether you're using software-as-a-service, a cloud infrastructure environment, VoIP telephony, or more. However, as an SME, you need to make sure you are implementing the correct controls and configurations, and have visibility into the accounts to mitigate the potential for account takeovers.

3. Identify what you can't do

Take the lead and identify the things you can't do, either due to time or resources. Some items for the "can't do" list could include things like penetration testing, risk assessments, security operations centre (SOC), forensics and large scale incident response.

This may mean partnering with a trusted managed services provider like BlackStone Associates, who provide a wide array of cybersecurity solutions for SMEs.

4. Have a scaled down, flexible incident response plan

Having an 80-page incident response plan that no one reads isn't feasible for an SME. Keep your incident response plan nimble by only including a few sections and a notification chain. However, it is imperative you keep this updated on a regular basis - at least annually.

5. Have a backup strategy, communicate it, and test it.

Regular backups are vital insurance against a data-loss catastrophe. Developing a solid backup plan requires an investment of time and money, but the cost is far less than the burdensome task of recreating data for which no backup exists. Develop a written backup plan that tells you the what, where, how, who and when of your backups.

Think beyond just your office and its computers and perform regular tests by restoring a few files to a different computer at a different location so you can test your plan before you actually need it.

6. Ensure your systems are patched and have the latest updates

Squashing vulnerabilities is like being a participant on Wipeout. You feel outnumbered, outmatched and exhausted. One of the most important aspects of patch management is staying on top of the next patch. You should have this in your calendar as part of your weekly or monthly "maintenance" checklist. Pay attention to notifications from the vendors so your systems stay up to date.

7. Lock down VPN access

With a smaller number of users, you need to keep track of who's logging in via the VPN and only enable the service for those with a need. Make sure that, as employees are hired or leave, you update their access accordingly, and include this as part of your new user set-up or off-boarding checklist.
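The weekly admin review from tip 1 and the VPN access check above come down to the same comparison: who is in the group today versus who is approved to be there. The following is an added example, not part of the original article. The group export uses the `/etc/group` line format, and every group name, user and roster entry is constructed sample data.

```python
# Added example: weekly access review for admin and VPN groups.
# All names below are constructed sample data, not taken from the article.

SAMPLE_GROUP_EXPORT = """\
sudo:x:27:alice,bob,svc-backup
vpn-users:x:1005:alice,carol,dave
staff:x:1001:alice,bob,carol,dave,erin
"""

# Who should hold each sensitive group, as signed off by the business.
APPROVED = {
    "sudo": {"alice"},
    "vpn-users": {"alice", "carol", "erin"},
}
LEAVERS = {"dave"}  # accounts already off-boarded by HR


def parse_groups(text):
    """Parse 'name:passwd:gid:member,member' lines into {group: set(members)}."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 4:
            raise ValueError(f"unexpected group line: {line!r}")
        groups[parts[0]] = {m for m in parts[3].split(",") if m}
    return groups


def review(current, approved, leavers):
    """Return (group, user, reason) for every mismatch in the reviewed groups."""
    findings = []
    for group in sorted(approved):
        members = current.get(group, set())
        for user in sorted(members - approved[group]):
            reason = ("leaver still has access" if user in leavers
                      else "not on approved list")
            findings.append((group, user, reason))
        for user in sorted(approved[group] - members):
            findings.append((group, user, "approved but not a member"))
    return findings


if __name__ == "__main__":
    current = parse_groups(SAMPLE_GROUP_EXPORT)
    for group, user, reason in review(current, APPROVED, LEAVERS):
        print(f"{group:10} {user:12} {reason}")
```

Service accounts such as the constructed `svc-backup` show up as findings until they are added to the approved list, which gives them an owner and a reason on record.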

8. Update and communicate your password policy

With a small IT team, the last thing you need them to be doing is password resets for staff who have locked themselves out of their systems. A little training will go a long way, so update, communicate and teach your staff to create a long unique password phrase that they'll remember, and establish a technical control for a longer period. Password managers can also be helpful for setting up unique passwords.

9. Tighten your inbound and outbound traffic

Depending on your industry, it could be difficult to monitor all inbound and outbound connections for SME staff. However, with a smaller pool of users, it can be easier to lock down your traffic. Do you use SSH or FTP? If not, lock down those inbound/outbound services. Having a smaller pool of users will mean your operational needs are most likely to be condensed, therefore limiting your attack surface.

10. Malware, DDoS attacks and phishing protection

Are your systems protected from malware to prevent the download of infected files or installation of suspicious software? Make sure there is a malware policy in place to ensure up to date malware protection and that it cannot be bypassed by users.


About BlackStone Associates

Established in 2014, BlackStone Associates is a leading provider of IT solutions and critical IT Support in Berkshire, Buckinghamshire, Middlesex, Surrey & London. It offers a complete portfolio of innovative and robust IT services that enable businesses of all sizes and sectors to create modern-age, digital workspaces that are designed to scale and support the current and future demands of their workforce.

As a vendor independent company, our loyalty is solely to you, our customer. Consequently, customer satisfaction is at the heart of BlackStone Associates' success, with its ability to deliver tailored IT and network solutions at an affordable price.

With an expert team of engineers and support staff with 20 years of experience, it's no wonder why many businesses & organisations trust BlackStone Associates to design, implement, manage and support their IT operations.




