Cyber-proofing Your Startup: Proactive Steps to Thwart Emerging Cybersecurity Risks

While you're reading this, cybercriminals are scanning your networks, looking for weaknesses. Research from BT finds that the volume of cyber threats is on the rise - the average business will have its network scanned and tested over 3,000 times each day.

Small businesses, startups, and charities are becoming increasingly vulnerable to sophisticated cyber threats. It’s much more lucrative for cybercriminals to carry out simpler, quicker, and less risky successful attacks against startups and small businesses than against larger organisations with dedicated security teams. However, the impact of a cyberattack on SMEs can be devastating.

Our research has revealed over half of businesses (61%) struggle to keep up with cyber security measures. For SMEs with limited resources, it’s natural the focus is firmly on growing the business. Yet, given this landscape of complex cyber threats, it is essential for startups to protect themselves. And there are three things they can do to get ahead – setting up strong foundational security protocols, protecting the network, and elevating supply chain security.

Back to (cyber) basics

Starting with the foundations is paramount for startups and businesses to enhance their resilience against cyber-attacks. It might seem simple, but when things are moving at a fast pace, these principles can be easy to miss. This entails securing data backups, enforcing robust password security, and providing regular employee training to mitigate cyber risks.

When securely backing up data, businesses should adopt diverse approaches. This could be through external hard drives, cloud storage, or investing in network-attached storage (NAS) devices: dedicated file storage that enables multiple users to retrieve data while remaining secure.

Security technologies are often undone by human error, which remains the origin of most cyber-attacks, so training your people well is essential. The most visible risk is phishing, where attackers attempt to trick users into handing over personal data, downloading malware, or visiting a dangerous website.

A majority (80%) of cybersecurity attacks involve weak or stolen passwords, and keeping these secure is the first step in minimising the risk of information exposure. It may seem obvious, but failing to keep passwords secure is still the downfall of many businesses when it comes to cyber safety. Utilising three random words and changing passwords every 90 days can provide a protective shield.

For businesses and start-ups who want to learn more, there are incredible resources available from the National Cyber Security Centre (NCSC). It offers a free course for small business employees to upskill on cyber security, with lessons on backing up data, protecting against malware, and defending against phishing.

Working closely with industry and government partners like the NCSC is one way companies can ensure they have the latest intelligence on cybersecurity threats and trends. The information the NCSC shares can ensure startups and businesses have the right tools to assess their IT estates and supply chains for vulnerabilities, whilst making sure that their employees uphold security best practice.

Treating cyber security like home security

Safeguarding networks should be another key focus area for businesses and startups. Our monitoring indicates that, on average, a company undergoes scanning and testing by cybercriminals every 30 seconds. It’s the equivalent of burglars casing your property looking for an open window. So, it’s worth investing in proper protection. Adopting business-grade Wi-Fi with built-in security should become standard practice across SMEs to counteract such threats. Businesses are increasingly embracing 'zero trust' models, an approach that requires all users, whether in or outside the organisation's network, to be given permission to use a company’s network.

Zero trust provides visibility of who is on the network, reducing risks and supporting the operational needs of companies in a hybrid working environment.

As hybrid and distributed workforces become more prevalent, the cybersecurity perimeter for organisations expands, leaving more open windows for criminals to exploit. Providing employees with practical remote work tools shouldn’t mean compromising on the security of data and devices. The zero-trust model makes this easier: by implementing robust authentication, it empowers people to work wherever they want, securely.

Upping the ante on supply chain security

Lastly, for startups, supply chains are set to remain prominent targets. Gartner predicts that by 2025, 45% of organisations worldwide will have experienced attacks on their software supply chains - a three-fold increase from 2021. Regular assessments and collaboration with supply chain partners are essential to ensure supply chains are secure. By identifying potential vulnerabilities and weaknesses, businesses can develop a risk management framework, building a plan to mitigate risks.

If in doubt, ask for help

For any business, upgrading cyber defences can, at times, be stressful and complex. Startups can turn to the targeted guidance and online tools provided by the NCSC, such as their Small Business Guide and Cyber Essentials readiness toolkit, whilst taking advantage of their broader advice for SMEs.

By setting up foundational security protocols, protecting the network, and regularly checking supply chain security, startups will boost their cyber defences in 2024, and beyond.