Small and medium sized businesses are targeted in cyberattacks too — it's not just large corporations. In fact, smaller businesses in industries such as construction have become prime targets, as attackers know these businesses don't have the same level of security or investment in place, compared to large businesses.
We get it, those that run SMBs haven't got cybersecurity as the first thing in their mind. You've got other stuff going on. But cybersecurity can put your business on pause for days, weeks, or even months... is that something your business can handle?
Let's break down the most common cyber threats to UK SMBs, and what you can do to stop them.
Phishing emails
What is it
Phishing is when a criminal sends a convincing-looking email pretending to be someone you trust — like a supplier, client, or even your bank. The email might ask you to click a link, open an attachment, or enter your login details.
How it affects your business
It's easy to fall for these scams, especially when you're busy. We've seen fake invoices, supplier payment changes, and project-related messages used to trick people into sending money or credentials.
How to stop it
- Think before you click: Always check the sender's address carefully, and review the email they sent to look for phishing red flags.
- Train your team: Even basic awareness training can stop most phishing attempts.
- Use email filtering and MFA: These block fake emails and protect your accounts.
Ransomware
What is it
Ransomware locks your files until you pay a fee to get them back. These attacks usually start from a dodgy link or attachment.
How it affects your business
If all of your data is store on infected systems, everything grinds to a halt. Even losing access for a day can be costly and damaged to your reputation.
How to stop it
- Regularly back-up your data: Keep back-ups of your data (including one copy offline) in case your files are locked or lost.
- Keep software up to date: Software updates bring security patches, helping to protect you from malicious actors.
- Invest in professional cybersecurity tools: These tools detect and block ransomware before it spreads throughout your business.
Weak passwords
What is it
A weak password is easy to guess or break into. Passwords like "Password123" or "Admin2025" practically open the door for hackers.
How it affects your business
Shared logins or weak passwords for software, cloud storage, or essential business tools make you vulnerable. Even worse, if you reuse passwords, hackers can get into multiple accounts and gain access to much more.
How to stop it
- Use a password manager: These management tools securely store your passwords so you can have unique and complex passwords for each account, without forgetting them or writing them down.
- Opt for three random words: If you don't have a password manager, choose three random words as your password instead. This method is proven to be complex enough, but much easier to remember.
- Enable MFA: With multi-factor authentication in place, you've got an extra layer of protection if someone manages to get past your complex password.
Insider threats
What it is
Not all risks come from outside. Sometimes, an employee accidentally shares sensitive data or downloads malware, this is called an insider threat. Even less common, sometimes (ex) employees malciously put businesses at risk.
How it affects your business
Companies that rely on teamwork and shared access, which can make it easy for mistakes to happen — especially when teams are split between office and site.
How to stop it
- Limit access: Staff should only be able to access data and software that they need, and nothing more.
- Cybersecurity awareness training: Reduce the likelihood of mistakes by educating your employees.
- Monitor activity: Unusual logins or file transfers can be flagged to monitor suspicious activity.
Unsecure Wi-Fi and devices
What it is
Connecting to public Wi-Fi or using personal devices for work without proper protection opens up security holes.
How it affects your business
When site managers or contractors access project files from mobile devices or laptops, unprotected connections can expose company data.
How to stop it
- Use a VPN: A virtual private network gives you a more secure connection when working remotely.
- Ensure company devices are encrypted and updated.
- Have a mobile device management policy: This keeps all mobile endpoints in secure.
Cybersecurity doesn't have to be complicated, the key is awareness and consistency. By addressing these five common cyber threats, you'll protect your business from downtime, data loss, and financial damage.
