Cyber Security for SMEs: Protecting Your Business from the Inside Out

In our recent LinkedIn Live event, Fiona McKee from The HR Practice spoke with cyber security experts Hamish Fraser, Managing Director of NVT Group Ltd, and Lorraine Mills, Managing Director at Blue Rock Cyber Defence, about the critical importance of cyber security for SMEs. Here are the key insights and practical tips from the discussion:
 
Are SMEs Especially Vulnerable?
 
Lorraine Mills highlighted that cyber threats affect everyone, not just SMEs. Our lives and businesses are deeply digital, leaving us exposed. However, SMEs face unique risks due to limited resources and IT expertise.
 
Hamish Fraser added, "SMEs don't always have the bandwidth, skills, or capacity for dedicated cyber security personnel. This often leaves them more exposed than larger enterprises."
 
Starting Out: Top Cyber Security Priorities
 
When starting a business, Hamish recommended:
- Conducting an initial cyber risk assessment to understand current vulnerabilities.
- Ensuring software and security updates are always current.
- Implementing proper firewall and antivirus configurations.
- Investing in regular employee training to build a security-aware culture.
- Protecting data with robust backup and restore procedures.
 
Lorraine Mills advised SMEs to use their existing tools effectively: "Many companies already pay for security features in platforms like Microsoft 365 but don't activate them. Be proactive—know your tools and how to use them."
 
Common Cyber Security Mistakes SMEs Make
 
A significant risk often comes from employees themselves, typically due to insufficient training or awareness. Lorraine emphasised the importance of regular and practical user training:
"Assuming your staff know how to create strong passwords isn't enough. You need to engage actively with your team, reinforcing security messages consistently."
 
Hamish stressed ongoing vigilance: "Cyber threats evolve continuously. You can't simply set up your security measures once and forget them. Regularly reviewing your cyber security posture is essential."
 
The Importance of Clear Policies and Procedures
 
Lorraine pointed out that businesses frequently misunderstand who is responsible for IT security decisions:
"IT departments implement the technology, but business leaders must make strategic security decisions. Policies and governance should be set at the business level, not by IT alone."
 
Hamish agreed, highlighting that independent guidance can significantly enhance cyber security practices:
"Boards often don't know the right questions to ask about cyber security. Independent reviews can provide clarity and ensure nothing crucial is overlooked."
 
Real-Life Impact: IT Support in Action
 
Hamish shared a compelling example of how effective IT support protected a client's business during a cyber attack:
"We had a client acquiring multiple businesses. Their robust security practices prevented significant harm when one acquisition target suffered a severe attack due to poor security measures. Proper IT support literally saved the acquisition and ensured ongoing protection."
 
Choosing the Right IT Partner
 
When selecting an IT partner, Hamish suggested asking:
- What relevant experience and case studies can you provide?
- Do you offer proactive rather than reactive support?
- What meaningful service level agreements do you offer?
- How do you maximise value rather than just minimise costs?

Conducting a Cyber Health Check
 
Lorraine outlined what a basic cyber health check should include:
- Reviewing existing policies and governance frameworks.
- Assessing cloud infrastructure and security tools.
- Evaluating backup and recovery capabilities.
- Running vulnerability scans regularly.
- Checking data storage locations and data retention policies.
 
Key Takeaways
 
1. Cyber security isn't optional—it’s critical for SMEs.
2. Employee training and awareness are your frontline defence.
3. Regular cyber security reviews and health checks are essential.
4. Clear, business-driven policies and procedures underpin effective cyber security.
 
As Fiona McKee noted, ignoring cyber security isn't worth the risk: "Acting after a breach is far too late. Proactive measures are essential."
 
For expert support or a cyber health check, reach out to our specialists:
 
Hamish Fraser (NVT Group Ltd)
Lorraine Mills (Blue Rock Cyber Defence)
 
Secure your business today—your future depends on it.