Seven security tips for small and medium-sized businesses


No matter how big your company is, security is a critical part of any business. According to Microsoft’s Global Security Survey for small and medium-sized businesses (SMBs), 74% of SMB owners don’t think they are at risk of a cyber-attack. The truth is that 43% of cyber-attacks are aimed at SMBs.

If you own a small or medium-sized business, you may feel like you don’t have the time, personnel or resources to put security measures in place. That’s okay – there are solutions available to help businesses of any size take simple steps to be more secure.

Here are our seven security tips for small and medium-sized businesses:

  1. Treat security as an investment – it’s easier to implement security measures early on in the process of building your company, rather than trying to apply new security behaviours or practices retroactively. Like putting a lock on your front door, it’s very important to protect the assets of your business, which is especially true for customer data. This includes being diligent about securing the logins for all of your applications and e-commerce websites if applicable. These security measures can help to gain the confidence and trust of your customers which can lead to earning more business.
  2. Back up your data – protect against data corruption and ransomware attacks with regular backups of your data. Keep multiple copies and consider off-site options using cloud storage.
  3. Have an incident response plan – create a plan for cyber-attacks so you know what to do when one happens. Cases of smaller businesses that received a phishing email, clicked on a ransomware link and then had to pay a hefty ransom to get their data back are surprisingly common. Even with security defences and a plan in place, phishing attacks can still be successful, but damage can be limited if your business plans for this possibility.
  4. Use technology that helps you manage devices across a diverse and growing mobile environment – many organisations are not focused on technology because it’s not a big part of their core business, especially when it comes to thinking about security from a communications and collaboration perspective. In the absence of clear direction from company leadership, solutions tend to organically emerge without consideration for the inherent security risks.
  5. Stay compliant with regional security regulations – for businesses that work with customers in the European Union (EU), compliance with the General Data Protection Regulation (GDPR) must be a security consideration. Handling any data from EU residents requires careful attention to personal privacy rights, data protection responsibilities and breach reporting guidelines, on pain of significant fines.
  6. Take a proactive approach against phishing and other threats – small actions every day can help people do their jobs more securely. It can be a series of low-effort tasks in the beginning, which can have a lasting impact. Perhaps once a month, you could provide training on how to detect phishing emails by checking the sender’s email address and domain and by hovering over links to see the actual URL. Protecting against phishing is critical for SMB owners – between 90 and 98% of all cyber-attacks begin with phishing. Today’s phishing attempts are better camouflaged, propagate rapidly and can even evolve to evade detection. Even trickier are spear-phishing attacks, where the email is highly targeted to the person receiving it, like someone in accounting getting an email sent from someone posing as the CEO requesting a payment transfer. Because even a cautious employee can be fooled by a sophisticated phishing attack, it also helps to invest in tools such as Microsoft 365 for Business that automatically scan and filter emails and attachments for threats.
  7. Add security and simplicity for system access – enable multi-factor authentication for layered security. Two-factor or multi-factor authentication requires two or more secure elements to access an account – like a code sent via email or a biometric or fingerprint scan. In addition to using two-factor authentication, you could provide a password manager to employees to help them generate and manage unique, random passwords. If staff need to access systems on lower security networks, at cafés or airports for example, then they should use a VPN (Virtual Private Network), which is an encrypted connection to another network over the internet.


More than 70% of businesses report feeling vulnerable to a cyber-attack, often because they lack the knowledge, resources and expertise of larger organisations. Modern technologies such as Microsoft 365 can make security simpler and easier for SMBs, with comprehensive protection, built-in safeguards and easy-to-use tools.

Contact our team today to discuss our Cloud Services, including our Business Continuity and Disaster Recovery options, in more detail.