A recent study commissioned by technology services provider Probrand has uncovered concerning cybersecurity vulnerabilities among UK small businesses.
The research reveals that 69 percent of these businesses are using weak passwords to access critical documents and internal platforms, leaving them exposed to potential cyber threats.
Probrand, based in Birmingham, conducted comprehensive cybersecurity risk assessments across hundreds of small to mid-sized organisations. The findings highlight several critical areas in need of improvement. Notably, 47 percent of the businesses surveyed did not have up-to-date antivirus software to detect hacking attempts, and nearly a fifth (15%) lacked any firewall protection against cybersecurity breaches.
The study also discovered that nearly half (48%) of these businesses fail to provide cybersecurity awareness training to employees, leaving staff ill-equipped to identify potential risks when using technology.
Matt Royle, Marketing Director at Probrand, expressed alarm at the findings: “It’s shocking to see so many businesses are not properly set up to protect against or recover from a cyberattack. Many lack the proper software or training to educate on the potential risks and impact of these types of attacks.”
Royle emphasised the urgent need for businesses to address these vulnerabilities, noting that 29 of percent the organisations surveyed had no patch management in place—a critical process for maintaining security and productivity. Citing YouGov data, Royle highlighted that 49,000 instances of fraud occurred as a result of cyberattacks, with the average cost of a digital attack on a business estimated at £15,300.
Key recommendations to enhance cybersecurity measures:
- Adopt Passwordless Authentication: Moving towards passwordless solutions, such as passkeys, physical tokens, or biometrics, can improve security by eliminating the need for complex passwords and reducing the risk of cyberattacks.
- Upgrade Outdated Firewalls: Businesses should replace firewalls that are over three years old, as outdated technology is less effective against modern threats. Proper configuration by experts is essential to block unnecessary traffic while allowing necessary data through.
- Enable Multi-Factor Authentication (MFA): Implementing MFA across multiple platforms can significantly reduce the risk of unauthorised access. This measure is often free and crucial for securing sensitive accounts.
- Develop Strong Cybersecurity Policies: Establishing robust cybersecurity policies and an incident response plan is vital for protecting businesses from threats and ensuring employees know how to respond in case of an attack.
- Invest in Employee Training: Providing regular cybersecurity awareness training helps employees recognise and avoid potential threats, such as phishing attacks. Simulated phishing exercises can be an effective tool for testing and reinforcing this training.
Probrand’s recommendations underscore the importance of a proactive approach to cybersecurity. By updating systems and educating employees, small businesses can better defend against and recover from cyber threats, safeguarding their operations and financial health.
Amelia Brand is the Editor for HRreview, and host of the HR in Review podcast series. With a Master’s degree in Legal and Political Theory, her particular interests within HR include employment law, DE&I, and wellbeing within the workplace. Prior to working with HRreview, Amelia was Sub-Editor of a magazine, and Editor of the Environmental Justice Project at University College London, writing and overseeing articles into UCL’s weekly newsletter. Her previous academic work has focused on philosophy, politics and law, with a special focus on how artificial intelligence will feature in the future.
