A leading technology expert has issued an urgent warning to UK small businesses as cyber-attacks continue to rise at an alarming rate. Roy Shelton, CEO of managed services provider Connectus Business Solutions, has revealed five critical security measures that could mean the difference between business survival and collapse.
The Growing Threat to UK Businesses
Recent government statistics paint a concerning picture for British enterprises. Approximately 43% of UK businesses - equivalent to 612,000 companies - fell victim to cyber-attacks last year. The financial impact has become increasingly severe, with the average cost of dealing with a security incident now reaching £3,500 - a figure that could prove catastrophic for many small operations.
Shelton emphasised the escalating nature of the threat, stating: "The number of 'nationally significant' attacks has sharply increased from 89 to 204 in the 12 months to September. We're also witnessing a 200% increase in failed attempts that we've proactively protected our customers from compared to this time last year."
Five Essential Security Measures
1. Implement Multi-Factor Authentication Everywhere
According to Shelton, relying solely on passwords is no longer sufficient for adequate protection. "Over 80% of breaches involve weak or stolen credentials," he warned. Multi-factor authentication (MFA) has become essential for all business accounts including email, Microsoft 365, cloud services and VPNs. He recommends using free app-based authenticators like Microsoft Authenticator or Google Authenticator instead of SMS codes for stronger security.
2. Maintain Regular System Updates
Unpatched software represents one of the most common attack vectors for hackers exploiting known vulnerabilities. Shelton advises businesses to enable automatic updates on all devices and servers, regularly review and retire unsupported systems, and maintain a comprehensive inventory of all hardware and software to track patch status effectively.
3. Educate and Test Your Team
Human error remains the single biggest cyber risk, ranging from phishing attempts to accidental data sharing through poor processes or social engineering scams. The technology CEO recommends running short, regular training sessions on phishing awareness, password hygiene, and safe file sharing practices. Simulating phishing attacks can help measure awareness and improvement, with tools like Knowbe4 automating this process.
4. Secure Data Backup Procedures
Ransomware attacks can cripple small businesses, but robust backup systems ensure quick recovery. Shelton advocates for the 3-2-1 backup rule: three copies of data, two different storage types, and one offsite or cloud backup. Crucially, he stresses the importance of regularly testing restoration from backups and ensuring backups are encrypted and isolated from the main network.
5. Develop a Layered Defence Strategy
No single security tool can prevent every attack, which is why a multi-layered approach significantly reduces the risk of a single point of failure. Businesses should deploy endpoint protection, email filtering, network intrusion detection, and 24/7 firewalls, complemented by ongoing staff training. Shelton strongly recommends engaging a reputable managed service provider (MSP) or security partner to monitor and respond to threats, ensuring immediate professional remediation if an attack occurs.
The Stakes for Small Businesses
While high-profile attacks on companies like Jaguar Land Rover - which lost an estimated £1.9 billion to a cyber incident - capture headlines, Shelton emphasises that small businesses face particularly severe consequences. "Small businesses make up half the economy," he noted, "and the impact of an attack for them could represent an existential risk."
Speaking ahead of Small Business Saturday at the end of the month, Shelton described strong "digital housekeeping" habits as essential for keeping cyber-criminals at bay. His advice comes as businesses of all sizes grapple with increasingly sophisticated threats in the digital landscape.
With cyber-attacks showing no signs of slowing down, implementing these five fundamental security measures could provide small businesses with the protection they need to survive and thrive in today's challenging digital environment.
