
Cybersecurity for SMEs

Enhancing Cyber Resilience for Businesses: Lessons from the South East Cyber Resilience Centre (SECRC)

In a recent presentation, Patrick Milford, a seasoned expert with over 15 years of experience in policing, highlighted the growing risks that businesses face in the digital world. Drawing from his extensive background in tackling organised crime, fraud, and cybercrime, Patrick offered valuable insights into how businesses—especially small and medium-sized enterprises (SMEs)—can bolster their cyber resilience.

The Evolving Cyber Threat Landscape

Cybercrime is no longer a problem only for large corporations. Patrick pointed out that 54% of SMEs have experienced a data breach or cyberattack in the past year, according to the Cyber Security Breaches Survey. This startling figure underlines the need for businesses to prioritise cybersecurity measures. “It’s not a matter of if, but when your business will be attacked,” Patrick cautioned.

While the majority of attacks stem from phishing attempts, Patrick noted that all businesses, regardless of size, must also prepare for more sophisticated threats such as ransomware and denial-of-service attacks. Cybercriminals exploit even the smallest vulnerabilities, often targeting employees who unknowingly click on malicious links, bypassing otherwise robust security systems.

Real-World Impact on SMEs

Patrick used the example of “Bob the Baker,” a small business owner who, like many, now relies heavily on online services for operations—such as card payments, email, and website management. Yet, despite this growing reliance on technology, Patrick found that many businesses fail to invest sufficiently in their cybersecurity, exposing themselves to significant risks.

Cyberattacks can be devastating for SMEs. A hacked social media account or compromised website can result in a loss of revenue and damage to reputation, while a ransomware attack can cripple a business by locking vital files and demanding payment for their release. Patrick stressed the importance of having a comprehensive incident response plan in place to mitigate such risks.

Simple Steps to Protect Your Business

One of Patrick’s key messages was that small steps can make a big difference. He advocated for businesses to adopt the following practical measures:

  1. Employee Training: Educate staff on how to identify phishing emails and other cyber threats. Patrick noted that only 18% of employees receive any form of cyber awareness training, despite the fact that phishing accounts for 90% of attacks.
  2. Two-Factor Authentication (2FA): Implement 2FA on all accounts to provide an additional layer of security. This simple step can prevent unauthorised access even if passwords are compromised.
  3. Regular Backups: Ensuring data is backed up regularly can prevent significant losses in the event of an attack. Patrick advised having a backup system that is disconnected from the main network to safeguard against ransomware.
  4. Incident Response Plans: Every business should have a formal plan detailing the steps to take in the event of a cyberattack. Patrick encouraged businesses to consider enrolling in government-supported schemes like Cyber Essentials, which provides a framework for improving cybersecurity.

 

Affordable Cybersecurity Solutions

To assist businesses in improving their cybersecurity, Patrick promoted the work of the South East Cyber Resilience Centre (SECRC), where he now serves. SECRC offers a range of free resources, including one-to-one consultations and practical advice on boosting cyber resilience. They also provide affordable services through partnerships with universities, enabling businesses to access web assessments and staff awareness training at reduced costs.

One such service is a website assessment, where cyber students evaluate a company’s online presence, identifying vulnerabilities that could be exploited by hackers. Businesses receive a detailed report with clear, actionable recommendations.

The Importance of Prevention

Throughout his talk, Patrick emphasised the importance of prevention. “Hackers aren’t targeting you personally—they’re just looking for weaknesses,” he explained. By making small, strategic improvements, businesses can significantly reduce their risk of falling victim to cyberattacks.

Patrick concluded his presentation by urging businesses to take advantage of the free resources and support available through organisations like the SECRC. “We’re here to help protect your business,” he said. “Don’t wait until it’s too late.”

This talk underscores the critical role that cyber resilience plays in today’s business environment. For SMEs, investing in cybersecurity is no longer optional—it’s essential for survival in an increasingly digital world.

 

The South East Cyber Resilience Centre

The South East Cyber Resilience Centre is one of nine Cyber Resilience Centres (CRCs) that serve the entirety of England and Wales. Established three years ago by the Home Office, the CRCs were created in response to a significant rise in cyber-attacks targeting small, medium, and micro-sized enterprises (SMEs). These attacks were having a devastating impact on business owners and affecting the wider economy, highlighting the urgent need for cybersecurity for SMEs.

Led by police officers, the CRCs offer free membership to businesses and organisations. By joining, businesses can access a range of valuable services at no cost, including one-on-one meetings with specialist police officers to assess their current cyber security posture, a series of 16 emails offering simple advice on improving cyber resilience, and webinars and newsletters that provide the latest information on cyber threats and trends within the region.

Additionally, the CRCs offer nine specialised services to support organisations in need, delivered in partnership with academia. These services range from website assessments and staff awareness training to more in-depth vulnerability and network assessments. To facilitate the delivery of these services, students in their second and third years of cyber-related degrees are selected to participate in the national cyber-crime programme within policing. Supervised by a cyber professional, these students gain valuable real-world experience, while organisations benefit from an affordable and accessible quality service to assist them on their cyber security journey.

This initiative represents a collaboration between regional policing, regional universities, and regional businesses and organisations, all working together to enhance cybersecurity for SMEs.

 
