How your policies, practices and people could be putting your business at risk

25 Jul 2025

Quick summary

Not all threats are external. Learn how your everyday practices could cause a cyber attack.
From weak passwords to poor policies to bad habits, spot the danger zones.
Get practical tips to reduce risk and improve cybersecurity across your team.

When we think about cybersecurity for small businesses, we tend to imagine some shadowy hacker. But your own policies, everyday practices, and even your well-intentioned team can create vulnerabilities.

From passwords to remote working to systems and software, we’ll walk you through where the risks really lie and show you how to tighten things up.

Why the biggest cybersecurity threats aren't always external

Though targeted cyberattacks grab the headlines, it’s sometimes as simple as the wrong file sent to the wrong person, a password shared over email or a phone left in the back of a taxi. In fact, 16% of breaches resulted from lost or stolen devices.

A staggering 95% of data breaches are down to human error – overtaking technology gaps as the main global cybersecurity challenge.

The hidden dangers in your everyday business practices

It’s often the things that feel harmless or routine that end up creating the biggest risks. Here’s where things can go wrong:

  • Weak, reused, or shared passwords

Weak passwords can be cracked in seconds, while reusing them can compromise multiple systems. And sharing logins over email or sticky notes is like hiding your key under the mat.

  • BYOD (Bring Your Own Device) and remote working

With 40% of the global workforce working remotely, letting people use their own phones and laptops can be great for flexibility and cost saving – but only if you’ve got clear rules in place. Likewise, remote working without proper protection can lead to threats beyond your control.

Home Wi-Fi networks aren’t always as safe as business ones. Personal devices might also be missing essential security features like antivirus software, automatic updates, or strong password protection.

  • Lack of training

Never assume people can confidently spot scams or know every procedure. One click on a clever phishing attempt, or the use of unencrypted email, insecure cloud services, or personal or public drives, can easily lead to leaks – and get you in trouble with data protection laws.

  • Poor policies or enforcement

Having no cybersecurity policy is bad. Having one that no one knows about or follows is worse. Clear, simple (and enforced) policies are a must.

  • Outdated software

Attackers always look for out-of-date software to exploit. Without regular updates, you’re missing out on critical security patches.

  • Physical security lapses

It’s not all digital. Lost USB sticks, devices left in cars, or poor storage can all cause real-world issues. Outside the office, in familiar surroundings, it can also be easy to drop your guard and click on a dodgy link, forget to lock a screen, or leave a device unattended.

How common are cyberattacks on small businesses?

Nearly half (46%) of SMEs globally have experienced a cyberattack – and for many, the financial fallout is severe. Recovery costs can range from $120,000 to over $1.2m. That’s enough to put a huge dent in any business, and, for some, shut the doors for good.

But despite these risks, only 14% are confident they can defend themselves.

How to reduce the cybersecurity risk

You don’t need a big budget or an IT team to make a real difference. A few smart changes can go a long way:

  • Run a risk assessment for cybersecurity

Take a step back and ask, "What’s at stake?" "What’s vulnerable?" "Who has access?" Cyber risk assessment and management help you spot the gaps and build a plan.

  • Review your internal policies

Cover areas like BYOD, password protection, acceptable use, and remote access.

Keep it simple. Not everyone needs access to everything. Restrict access to sensitive info or data based on roles, minimise admin privileges, and review permissions regularly.

Set clear security expectations, including password managers, mobile device management and two-factor authentication. Get the basics down in writing and keep them up to date.

  • Train your team

If your people are unsure what to do, you’re relying on luck. Cybersecurity training helps everyone play their part.

  • Keep everything up to date

Schedule regular updates and renewals to stay on top of the latest threats.

  • Explore insurance

If a cyberattack happens, are you protected? If not, a small premium for dedicated cyber cover could save you from a major financial headache.

  • Ongoing management

Cybersecurity isn't a one-off. Regularly review your systems and check your policies as your business grows.

  • Stay protected

The biggest cyber threats are often oversights, workarounds, or shortcuts taken inside the business. A few simple changes to your everyday practices can save you a lot of trouble down the line.
