Cybersecurity for small businesses – what every small business owner should be doing to stay safe

Business Loans

A new report from Vodafone suggests that a quarter of small and medium sized businesses in the UK would go under if they became victims of a cyberattack. The cost of dealing with the fall-out would simply be too much.

A further 16 per cent of the businesses that took part in the study said they would be able to keep their business afloat in the event of an attack, but they would have to let staff go to cover the costs.

This alarming report has prompted many business owners to start taking cyber security more seriously. We know that many of our small business customers are unsure where to start when it comes to cybersecurity. That's why we’ve put together this simple guide, specifically for small businesses.


Are cyber attacks a genuine threat to small businesses?

Increasingly, the answer is yes. Unfortunately, SMEs are regularly falling victim to cyber attacks, many of which can be devastating in terms of cost and reputation. The Vodafone report found that nearly a third of the 500 business leaders they consulted as part of the study said they had been hit with more cyber attacks since the beginning of the Covid pandemic, indicating the crisis has resulted in an increase in cybercrime.

If you run a business, regardless of its size, cybersecurity needs to be on your radar. If you hold customer data for example, or you have a website that takes payments, a social media presence or you email a list of clients regularly, these are the areas that may become vulnerable to cyber crime. Unfortunately, small businesses can no longer rest on their laurels and assume they won’t be affected. Cybercriminals have upped their game and are constantly on the lookout for easy targets.

Small businesses are coping with 10,000 cyberattacks daily. Cybercriminals are aware that smaller enterprises lack the budget to create the necessary infrastructure to protect themselves from cybercrime and are increasingly moving their attention away from large corporations who are starting to get up to speed with the threat.

When you are targeted by a cyberattack, the threat is manifold. You could have your bank account hacked and lose money, you could lose valuable customer data, leaving your valued clients vulnerable to further attack and your very reputation is at stake.


How is small sized business cyber security usually targeted?

There are a number of ways your small business could be targeted, including:

Phishing emails: Phishing is a major threat to businesses of all sizes. Fake emails carrying viruses, asking for personal data or defrauding you out of your hard-earned cash are a common occurrence in most businesses. Research from the Federation of Small Businesses found that more than a million small businesses have been targeted by phishing, payment scams and malware.

Phishing has evolved from the easy-to-detect versions that used to plague inboxes. Cybercriminals are growing more sophisticated and will often impersonate executives working for other businesses, or even your own colleagues, with believable email addresses and signatures.

Hacking: Hacking is a major threat to smaller businesses. Your own and your customers' personal data, however, mundane it may seem, is valuable to criminals and fraudsters. If they can target your databases and email lists, they will.

Malware: Malware, including viruses and ransomware, is software designed to damage or harm a computer. It can infect your computer through phishing emails or by inviting you to click links for example.

Denial of service attacks: If you run a website or ecommerce site, you could become a victim of a denial of service attack, whereby hackers overwhelm your systems with traffic or requests and render it useless to you and your customers.


What can you do to strengthen your business against cyber security risks?

Dealing with the threat from cybercriminals can seem like an impossible task. Most small business owners simply aren't equipped with the know-how and specialist skills needed to be able to implement measures and assess risks themselves.

The industry as a whole has a well-publicised skills shortage, so the likelihood that you, as a small business owner, have someone in your staff that can advise and implement cybersecurity measures is extremely unlikely.

But this doesn’t mean you should bury your head in the sand. Quite the opposite.

Here are some practical steps you can take to try to minimise the risk that cybercrime poses to your business and your customers.


1. Cyber security training and awareness

This is, perhaps, the most important protection you have, as a small business with a limited budget, to protect yourself from cyberattacks. Hold regular training sessions with your staff so they can recognise phishing emails and data breach threats. This is a good source of information to start with, but the threat is constantly evolving and can target staff members through their work and personal emails. It’s vital that they take precautions when using both these forms of communication on work computers.


2. Keep your devices safe

Bring in processes to protect your work devices, such as phones, tablets and laptops from security breaches. Make sure your staff protect them with passwords and that they know how to secure them properly when they take them home. You can select options to wipe or track lost phones and tablets, all of which should be enabled.

A part of this is also avoiding public wi-fi and unknown wifi hotspots that could leave you vulnerable to attack. If you don’t have them already, bring in rules about this so that your staff know what is and isn’t acceptable from a security perspective when using the internet out and about.


3. Look after your data

There are various ways that you can do this. You can look into using cloud storage for your data, which should be super-secure. If you want a hard copy back-up, make sure you keep this in a secure palace, away from your computer.

There are some great subscription services that you can sign up to, which can provide you with security for your devices and your data. This one from Vodafone, for example, can offer affordable options for small businesses with different budgets.


4. Keep up to date with cybersecurity threats

It’s vital that, as a small business owner, you keep well-informed about the kinds of threats you could be facing. The Federation of Small Businesses is great for information about cybersecurity, and there’s also some really useful information through the National Cyber Security Centre, which publishes this great resource for small business owners.

Whatever your budget and risk level, it’s time to take precautions to minimise your exposure to cybercrime. Big businesses now view cybersecurity as a priority, and so should you.


Recent Article

Top small business trends to watch in 2025