Cyber Security

What Cyber Security Practices Should SMEs Prioritise Amidst Resource Limitations?

Tightening budgets and a shortfall in cyber security professionals are barriers to SMEs having the cyber security standards needed given the current threat landscape. With the sophistication and frequency of cyber attacks ever-increasing, we explore four high impact and affordable ways that organisations can improve their cyber defences.

Written by

Team Nucleus

Written on

7th December, 2023



SMEs have become an attractive target for cyber criminals due to their typically less robust security measures when compared to larger organisations. Tight budgets and a 3.4 million shortfall in the cyber security workforce are barriers to organisations making the extensive cyber security investments needed to secure their networks. Targeted companies often end up declaring bankruptcy due to the significant costs of recovery, business disruption, and reputational damage.

This blog recommends four high impact, yet affordable, ways that smaller businesses can enhance their cyber security including employee training, software updates, cloud backups, and Managed Detection & Response (MDR) services.


1. Cyber Security Awareness

Comprehensive employee cyber security awareness training should be the foundation of small business security given that human error enables most attacks. Phishing attacks depend on deceiving employees into clicking malicious links or attachments. Likewise poor password practices lead to stolen credentials and data breaches. Providing regular cyber security training is a low cost way to dramatically improve vigilance and threat detection. Statistics show that 90% of cyber attacks start with a phishing email and over 80% involve compromised passwords. Meanwhile, small companies scoring high on security awareness surveys have a 70% lower likelihood of a breach, highlighting the importance of regular cyber training.


2. Software Updates

Small businesses often rely heavily on off-the-shelf software. Therefore, maintaining patch regimes is imperative though resource intensive. Software vulnerabilities are often at the root of a cyber attack, enabling exploits and stolen data incidents. In cases where patches remediate critical remote code execution flaws, rapid installation should be mandated across the ecosystem.

For example, the Log4j vulnerability crisis exposed millions of unpatched servers which led to numerous company breaches. Industry bodies have defined timelines expecting vendors to release patches for severe flaws within days. Another prominent example is the MOVEit vulnerability that was revealed earlier this year. The total impact of the vulnerability is still unknown, although the most recent statistic confirms that over 2600 organisations have been impacted; a number that continues to rise.


3. Cloud Backups

Cloud backups provide resilience against ransomware which can quickly bankrupt small firms. Ransomware attacks are escalating exponentially, with over 75% of incidents targeting small businesses over the last year. Maintaining cloud backups allows recovery of data and systems without paying the ransom demanded by adversaries.

Reputable infrastructure providers now offer low cost and easy to use backup solutions. The impacts of ransomware are disastrous for small businesses, with over 60% of affected companies closing down within six months of an attack. Having off-site backups is therefore a highly recommended resilience strategy.

4. Managed Detection & Response (MDR) Services

24/7 MDR Services provide organisations with 24/7 monitoring by an outsourced team of cyber analysts. This enables organisations to save on CAPEX and OPEX as it removes the need to employ multiple cyber analysts and invest in the space and equipment needed for a SOC (Security Operations Centre).

Telesoft’s MDR Service provides all of this and more. Based out of our secure UK Security Operations Centre (SOC), we offer bespoke services to each individual customer, efficiently detecting and preventing cyber attacks across on-premise, cloud, and hybrid network environments. Our team of expert analysts utilise Artificial Intelligence and Machine Learning Algorithms alongside the latest threat intelligence to detect the most sophisticated of threats, as well as using their extensive experience to proactively search for suspicious or malicious activity. Operating 24/7/365, our service helps organisations detect and respond to breaches before they escalate.



In conclusion, compromised employee credentials, unpatched software, and ransomware incidents, alongside a number of other threats, present persistent cyber threats to organisations of all sizes. Prioritising regular staff security training, prompt software updates, and encrypted cloud backups would provide impactful safeguards against prevalent attacks without breaking the bank. MDR services such as our bespoke SOC service can also rapidly reduce detection times, providing 24/7 assurance without costing the earth.

Heeding these critical measures requires a change in mindset rather than extensive budgets. Small businesses that choose to ignore basic cyber security ultimately jeopardise their entire company. The time has therefore come to implement essential cyber plans that can guard against crippling data incidents or breaches.


Recommended Posts

Subscribe to Nucleus blog updates.

Subscribe to our newsletter and stay updated.

Subscribe to Nucleus