It’s no secret that SMEs are more vulnerable to cyberattacks than other organisations. They’re grappling with limited resources, adjusting to new working practices, and dealing with staffing issues. And that doesn’t take into account the daily churn of business.

Because of that, there tends to be a lack of awareness from leadership around cybersecurity issues and how they’re prevented. And with budgets stretched and costs rising, the ability to employ specialist staff or to renew cyber insurance is hindered. But, that doesn’t mean your organisation needs to be at risk.

Most threats are very well known. In fact, a report released by the Joint Cybersecurity Advisory (JCA), said that Phishing remains the most likely way cyber criminals will attack your business. This type of attack comes through email and asks recipients to click a link or download an attachment. When you click on the link, it might ask you for a username and password for one of your applications, or it might install some malware onto your computer – and hey presto they’re into your network.

The JCA report added that legitimate usernames & passwords were also just as likely to be used by cybercriminals to gain access to your network. These would be stolen from unsuspecting users, usually, via phishing attacks or credential pharming, a practice that installs code on your laptop and redirects you to fraudulent websites with the aim of getting you to input personal information.

With more people working remotely, SMEs are increasingly compromised through remote access channels. The rise in flexible working means that cybercriminals are able to gain access to your network by exploiting remote access solutions like VPN connections. Again, they will need a username or password to access the network – which they can gain through phishing or pharming.

There’s a common theme here – the attacks are linked to phishing, gaining passwords and usernames, and exploiting your network. Each is preventable, and doing so doesn’t isn’t expensive or time-consuming.

In its report, the JCA recommended implementing multifactor authentication (MFA) across your business – and as one of London’s leading Managed Service Providers, we couldn’t agree more. It’s free and easy to do, and something we recommend to every organisation we work with. It’s not a cure-all, but it will give a very strong line of defense, and when combined with robust passwords (use phrases or password software) it will make it extremely difficult for cybercriminals to compromise your details.

Finally, make sure you patch & update your software and hardware. Doing so means any vulnerabilities will have been fixed and security flaws will have been mended. That means cybercriminals will have a harder time finding backdoors to enter through. Your Managed Service Provider can help with this.

Nutbourne is a London Managed Service Provider. For help and advice on improving your cybersecurity, visit or get in touch on +44 (0) 203 137 7273