Seven tips for SMEs to protect against cyber attacks

Did you know a cyber-attack happens every 39 seconds worldwide? Many smaller businesses, the self-employed and contractors will think, “that doesn’t affect me because hackers are less likely to target smaller businesses.” But, sadly, that’s not true. In fact, 81% of all cybersecurity breaches happen to small and medium-sized businesses. That’s because self-employed contractors often have fewer protective resources, making them more vulnerable to harmful breaches. That’s why Sam Steel, left, Head of Growth at Kingsbridge Contractor Insurance has shared his top tips to help prevent online attacks and reduce cyber-risk. Sam said, “You should take the necessary steps to secure your data. Adopting cybersecurity measures head-on, can decrease the risk of exposure and help protect your systems, your business, and your reputation.”

Threats can come in multiple forms, targeting weak points in your network. Any business that uses computers, smartphones and other technologies is open to such threats. Here, Kingsbridge recommends a number of steps that can help keep you secure:

  1. Install anti-malware and antivirus software

Investing in anti-malware software that’s proven to deal with the latest malware threats is crucial. This software detects, quarantines, and deletes harmful malware and viruses, preventing damage to a device or network.

  1. Update all passwords

Updating passwords can be tedious, but it’s crucial in protecting a business. Thankfully, tools such as Last Pass can be used to manage all passwords, so it’s one less thing for business owners to worry about. It’ll even suggest better passwords if they’re not secure enough. Strong passwords are essential. Avoid using personal information and aim to mix letters, numbers, and symbols. Andy also advises creating a password made up of at least eight characters.

  1. Security penetration testing

A penetration test, also known as a ‘pen test’, is a simulated cyber-attack performed to identify any weaknesses within a business’ IT systems. It creates real-world scenarios that show how well a company’s systems perform during a cyber-attack. Pen tests should be completed regularly to help uncover any new security weaknesses.

  1. Keep all software updated

All company software should be updated to its latest version, as older versions typically have weak entry points that hackers target. So, regularly check all software for updates or new security patches, and ensure every update is applied to all company devices.

  1. Have a disaster recovery plan

A disaster recovery plan can help ensure a swift and effective response if a cyber-attack strikes. It should include a well-planned escalation path (if the business has employees) and data backup plans. Backup plans are one of the most cost-effective ways of restoring important information:

  • Use several backup methods to ensure data safety, such as a portable device or cloud storage.
  • Backup data periodically, including end-of-week, quarterly, and yearly server back-ups.
  • Check backup data regularly to see if it works properly and can be restored.
  1. Train staff on cybersecurity practices

Sam commented further, “If a business has them, then employees are the first and last line of defence against security breaches. That’s why educating staff on how to handle cyber threats safely is crucial. The UK’s National Cyber Security Centre (NSCC) has free online training, which is great for helping you gain essential knowledge.

7. Put the right insurance in place

Cyber insurance is vital for small businesses. Though it is always best to try and prevent cyber-attacks from happening, it’s a good idea to put further protections in place should the worst happen. If a security breach arises where the company is held liable, then the business may end up paying considerable sums to cover costs and damage.

Sam Steel is the Head of Growth at Kingsbridge Contractor Insurance. Kingsbridge’s cyber liability insurance gives companies the financial backing to pay for investigations and corrective action. For further information, visit