SMEs and cyber attack

Research shows that cyber attacks are an increasing problem for SMEs and it’s something that we think you should be paying more attention to. We explain why SMEs are a target, how attacks happen, what the potential risks are and how you can defend yourself.

Cyber Threat

Why SMEs are an easy target?

SMEs don’t normally think that they’ll be a target of cyber threats as they have no data or information that is of value or worth stealing. “Surely they will target the bigger companies who have a lot more to lose” you think. Because of this, many SMEs don’t plan any defence against cyber-attacks or make it part of their priority to increase online security. This makes them more susceptible to being attacked. Large companies will normally have many defences in place to make sure the threat to their system is kept to a minimum. Admittedly, it is a very complicated subject and for those that may not be so up to date with technology, it can simply be an issue of being aware of the problem but not knowing where to start.

How attacks can happen?


When fraudsters try to access sensitive and personal information such as credit card details, usernames and passwords by posing as a trustworthy source such as a bank or friend.

Social Engineering

An intrusion method for hackers, essentially con artists. They trick people into giving them information that would compromise the network or computers security. They often play on people’s weaknesses and helpfulness, pretending to ring an employee with some sort of problem.

Water holing

Attackers will observe for some period or guess which websites a company often visits and will infect one or many of them with malware (which will then gain access to your computer system or sensitive information).


Companies are black mailed for money or information in exchange for removal of harmful programs.

Botnet/denial of service attack

When a group of computers will attempt to overload your network to deny you temporary access.

What are the risks?

There are two main risks in which your data might be at risk.

Firstly, this could be through stealing personal information such as bank accounts or identity thefts. Cyber criminals can sell your credit card details or identity details on the black market quickly and easily.

Secondly is by stealing your company information such as product designs or operation processes, this could potentially be sold to competitors or leaked into the market. You’ll then not only lose your competitive advantage but your competitors will gain from this.

It’s not just financial and commercial losses on the line, but the time taken for your company to recover will also be substantial.

So what can you do to defend yourself?

  • Make sure you and your employees use strong and hard to guess passwords that are changed every three months.
  • When sending sensitive information, make sure it is encrypted.
  • Ensure your system has the most up to date version of security protection to block out vulnerabilities.
  • Don’t open unknown links or files
  • Only allow company approved devices to access your network, not only to protect sensitive information but also any viruses on other devices could be passed to your network.