top of page
  • Writer's pictureNeil Jones

How can SMEs prevent and protect themselves from cyber-attacks?

Neil Jones (Director of the North West Cyber Resilience Centre) has a keen interest in the world of cyber and the related issues facing businesses today in this ever-changing landscape - Neil shares some of the ways small businesses can prepare their staff and themselves.

I'm often asked why businesses should invest in cybersecurity. We often hear the phrase ‘It won’t happen to me’ or ‘I can’t afford to invest in security during a national lockdown.’

The COVID-19 pandemic saw a 400% increase in cyber fraud, with statistics reflecting that more than half of organisations have either been breached or exposed to an attack during the Covid-19 lockdown.

Self-employed, sole traders and micro-businesses may be at risk and, without access to relevant cyber support and services, will succumb to the same cyber-attacks.

In answer to those questions, the way we’re all working has changed, and we all need to address our cyber responsibilities in the office, on the go and when working from home.

With 46% of people in employment now working from home and often having to use their personal devices, employees are at risk if they haven’t been given the proper guidance on using the internet, phishing scams, mobile devices or the security needed to stay safe online.

A prime example is an increase in fake government emails during lockdown - as spoof emails are designed to look like they are from government departments. The emails contain links that steal personal and financial information from victims.

In the recent 2023 Cyber Security Breaches survey, the most common threat to business was phishing attempts, with 79% of businesses saying they have identified phishing attacks. Want to learn how aware your staff are of phishing attacks? Learn more about our simulated phishing exercise.

With local lockdowns and encouraging staff to work from home where possible, we expect to see a further shift to online commerce and digital interaction. We all have to ensure that we are safe when selling or shopping online for our peace of mind and to secure our business reputation and customer service responsibility.

There was a 20% increase in fraud from online shopping in 2019.

Figures from Action Fraud show that criminals conned 17,405 shoppers out of almost £13.5 million over the Christmas period in 2019, an increase of over 20% when compared to the same period in 2018. UK sales in online stores soared by 23% on Black Friday alone.

Cybersecurity is a key and necessary part of the here and now whilst also being front and centre of recovery plans to produce resilient and thriving businesses in 2022 and beyond.

We all need to adapt to this new changing behaviour and customer expectations. Your business should implement robust cyber policies and communicate these to your staff and all stakeholders.

Cybersecurity is not a luxury: it is a necessity.

As technology changes how we shop and do business, new opportunities also present themselves for cybercriminals. Indeed, the view is not whether a business will suffer an attack but when.

You need the best possible protection and the best possible recovery plan. The cost of prevention is less than the reputational and financial cost of recovery – so the fewer occasions on which recovery is necessary, the better.

The NCSC shares in its Cyber Resilience Toolkit for Retail, in a recent survey of retailers across the industry, Chief Information Security Officers (CISOs) report that they are seeing between 400% and 500% growth in the number of cyber-attacks compared with a year ago.

Through our own conversations with SMEs, cybersecurity adoption and training are dismissed as something that couldn’t happen to them. Even though they appreciate that such attacks can happen to big businesses. Too many businesses think that it won’t happen to them.

Simply put, they do not think it will happen to them. One business owner recently said, What would they want to hack me for?” The sad truth is that criminals no longer just target large corporations seen as rich pickings; they sweep wide and attack wherever a weakness exists.

The biggest barriers to cybersecurity adoption for SMEs are cost, knowledge, and the rapid nature of change with cybercrime. A small business doesn't know where to begin, and there is a false preconception that they can't afford the protection needed.

Quite the opposite is, in fact, true and can be found in our small business guide and cyber incident response pack, all of which are relatively easy to implement as an SME.

The Cyber Resilience Centre was set up to support SMEs in the North West and presents a unique combination of corporate business, law enforcement and academia. We promote positive assurance to business rather than fear through our free membership, providing webinar-based training (hopefully face-to-face in future) and access to the latest government guidance.


How can we support your business?

Phishing 292 x 219px.png

Raise your staff's awareness of phishing emails and guard your business against the growing trend of social-engineering threats.


Training your employees on what a phishing attack looks like makes them more likely to identify and report scams.

security awareness training.png

Our training package is designed and delivered by cyber experts giving you access to the most up-to-date information in an ever-changing cyber landscape.

You can purchase single-place training spots or a cyber security workshop.

Community Members

Our premium membership package is aimed at medium-sized businesses and includes bespoke security awareness training sessions.


This allows your business to train several cyber security champions and an assessment of your cyber risk. 

bottom of page