Cyber security isn’t just an IT problem; it’s about protecting the heart of your business: your people, your ideas, and your future. Startling statistics show that 1 in 5 small businesses will suffer a cyber breach this year, with a staggering 81% of all breaches affecting SMEs*.
The good news is that vulnerability doesn’t have to be destiny. A significant 97% of these incidents could have been prevented with existing technology. The solution isn’t complex or expensive; it’s about getting the basics right.
Here are five non-negotiable cyber security basics every UK SME needs to implement today to build a strong, resilient digital foundation.
1. Fortify Your Digital Frontier with Robust Firewalls
Think of your firewall as the digital bouncer at the entrance to your network. Its primary job is to block unauthorised access from external networks, making it your crucial first line of defence.
However, simply having a firewall isn’t enough. You must ensure it is:
- Securely Configured: Avoid default passwords, and only open necessary ports and services.
- Enhanced with IDS/IPS: Enable Intrusion Detection and Intrusion Prevention (IDS/IPS) features to actively monitor network traffic and automatically block malicious activity.
- Continuously Monitored: For comprehensive oversight, forward your firewall’s log files to a managed Security Information and Event Management (SIEM) system so that suspicious activity is spotted and acted on continuously.
2. Implement Secure Configuration Across All Systems
Every device and application in your business—from laptops to servers—needs to be configured with security as the top priority. This means moving decisively beyond factory default settings, which are often easily exploited.
Key steps for secure configuration include:
- Maintain an Inventory: Create and regularly update an inventory of all your devices and applications.
- Reduce the Attack Surface: Delete any unnecessary software, as every installed program represents a potential avenue for a hacker.
- Enforce Proper Authentication: Enforce strong, unique passwords for all accounts and ensure users cannot access systems without proper authentication.
Taking this proactive approach significantly reduces your overall attack surface.
3. Embrace Multi-Factor Authentication (MFA) Everywhere Possible
Passwords, no matter how strong, can be stolen or guessed. Multi-Factor Authentication (MFA) adds a vital second (or third) layer of protection, ensuring that even if a password is compromised, your data remains secure.
MFA typically requires a combination of at least two factors:
- Something you know (your password)
- Something you have (like a code from your phone)
- Something you are (like a fingerprint)
Utilise MFA whenever you can—for your network, banking websites, cloud services, and even social media. It is a simple yet incredibly effective way to prevent unauthorised access.
4. Enforce Strong Password Policies and Practices
While MFA is crucial, strong password policies remain a cornerstone of good cyber security. Many cyber attacks exploit weak or reused passwords.
Your policies should include:
- Complexity Requirements: Mandate the use of complex passwords.
- Non-Reuse Rules: Discourage the reuse of passwords across different platforms.
- Regular Education: Beyond technical policies, educate your employees on the dangers of password reuse and the importance of creating unique, strong passwords for every account.
This focus on the human element is critical in preventing a widespread compromise if one account is breached.
5. Prioritise Regular Security Updates and Patch Management
Software vulnerabilities are a common entry point for cyber criminals. It is imperative to keep all your devices and applications up-to-date with the newest versions.
A robust patch management plan should ensure you are:
- Maintaining Supported Software: Ensuring all software is licensed and supported.
- Enabling Automation: Enabling automatic updates where possible.
- Applying Critical Patches Quickly: Applying critical patches (those with a Common Vulnerability Scoring System (CVSS) v3 score of 7 or higher) within 14 days of their release.
An automated patch management plan is essential to protect your computers from the latest known attacks.
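As an added illustration (not code from the article or from ET Works), the script below applies the rule stated above, CVSS v3 score of 7.0 or higher must be patched within 14 days of release, to a small patch inventory; the asset names, software names and dates are constructed for the example.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional, Dict, List

# Thresholds taken from the article's patching rule.
CRITICAL_THRESHOLD = 7.0   # CVSS v3 base score at or above this is in scope
PATCH_WINDOW_DAYS = 14     # must be applied within this many days of release


@dataclass
class Patch:
    asset: str               # hostname from the device inventory (constructed)
    software: str            # affected product
    cvss_v3: float           # CVSS v3 base score of the fixed vulnerability
    released: date           # vendor release date of the patch
    applied: Optional[date] = None   # None means not yet installed


def in_scope(p: Patch) -> bool:
    """Only patches for high/critical vulnerabilities fall under the 14-day rule."""
    return p.cvss_v3 >= CRITICAL_THRESHOLD


def due_date(p: Patch) -> date:
    return p.released + timedelta(days=PATCH_WINDOW_DAYS)


def assess(p: Patch, today: date) -> str:
    """Classify a patch as out-of-scope, compliant, late, pending or overdue."""
    if not in_scope(p):
        return "out-of-scope"
    due = due_date(p)
    if p.applied is not None:
        return "compliant" if p.applied <= due else "late"
    return "pending" if today <= due else "overdue"


def report(patches: List[Patch], today: date) -> Dict[str, str]:
    """Map 'asset:software' to its compliance status as of `today`."""
    return {f"{p.asset}:{p.software}": assess(p, today) for p in patches}


# Constructed sample inventory; assessed as of 1 June 2024.
SAMPLE_TODAY = date(2024, 6, 1)
SAMPLE_PATCHES = [
    Patch("LAPTOP-01", "Web browser", 8.8, date(2024, 5, 20), date(2024, 5, 22)),
    Patch("SRV-01", "VPN firmware", 9.8, date(2024, 5, 10)),              # never applied
    Patch("SRV-02", "Office suite", 5.3, date(2024, 5, 1)),               # below threshold
    Patch("LAPTOP-02", "PDF reader", 7.5, date(2024, 5, 25)),             # still inside window
    Patch("SRV-01", "Database", 7.2, date(2024, 4, 1), date(2024, 4, 30)), # applied after due date
]

if __name__ == "__main__":
    for item, status in report(SAMPLE_PATCHES, SAMPLE_TODAY).items():
        print(f"{item:28} {status}")
```

Anything reported as "overdue" or "late" is a gap against the 14-day rule and would be a finding in a Cyber Essentials style review.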
Conclusion
Implementing these five foundational cyber security basics is not just about compliance; it’s about building resilience, protecting your reputation, and ensuring business continuity.
By focusing on these essential steps, you can significantly reduce your risk and operate with greater confidence in the digital age. At ET Works, we demonstrate our commitment to these very controls by being both Cyber Essentials and ISO 27001 certified.
* Cyber security breaches survey (Published by GOV.UK)
Resources
Cyber Essentials Brochures supported via CyberSmart
Cybersecurity Essentials for Business Owners 2024 – an introductory guide, focusing on foundational knowledge, core security controls, and practical first steps for organisations establishing their basic cyber defence posture.
Cyber Security Booklet 2023 – a more comprehensive resource, detailing an in-depth approach to security, including advanced services such as vulnerability management, threat intelligence, data encryption, and robust incident response planning.
