top of page

Welsh SMEs need to start prioritising cyber security this Small Business Saturday




As Small Business Saturday approaches, it’s a great time to celebrate the incredible contribution small businesses make to our communities, economy, and daily lives. However, as we champion their resilience and innovation, it’s also essential to address the growing challenges they face with the ever-rising frequency of cyber-attacks on organisations. For example, the British Retail Consortium Crime Survey 2024 reported that 57% of retailers have reported an increase in cyber-attacks and breaches, that’s a 17% increase on the year before.

Director of the Cyber Resilience Centre for Wales, Paul Peters, looks at why cyber security is vital for small businesses across all sectors, and how they can take practical steps to safeguard their operations. Small Business Saturday is about empowering small businesses to thrive—and strengthening cyber security is a critical part of that mission.


I recently discussed the ongoing issue of cybercrime with an MSc student who had conducted some research into Welsh SMEs and cyber security, and his findings identified that small business owners often prioritise convenience over cyber security. Yet, cyber security is a challenge that mustn’t be overlooked, whether you run a boutique shop in Narberth, a café in Pontypool, or a tech startup in Tregaron, protecting your business from cyber threats is as crucial as delivering quality products and services to your customers.


For small businesses in Wales, even basic online activities such as emailing, online banking, or maintaining a social media presence can expose them to cyber threats. The WCRC aims to help SMEs enhance their cyber security defences.


What are the biggest threats facing small businesses?

The most common threat both individuals and organisations face is phishing. This occurs when cybercriminals pose as legitimate organisations or individuals through email, phone, or SMS, to trick employees into sharing sensitive information like passwords, banking details, or personal data. Attacks are becoming increasingly sophisticated, but there are some basic tips to help spot a suspicious email:

  • An urgent call to action.

  • Spelling and grammar mistakes.

  • Mismatched sender email addresses (hover over the displayed name to verify).

  • Requests for sensitive information.

  • Unusual file attachments.

  • Odd sending times.

  • Generic greetings instead of addressing you directly.

  • A general feeling that "something isn’t right.


If you receive a suspicious email or message:

  1. Never click links or download attachments.

  2. Verify the sender by contacting them directly without replying to the original email or message.

  3. Forward suspicious emails to the Suspicious Email Reporting Service (SERS) at report@phishing.gov.uk

  4. For suspicious text messages, forward them to 7726 (free of charge).


What else can a business do to improve their resilience to cyber-attacks?

Here are some more measures which are simple to implement which will help improve your business's cyber security:


1. Use strong and unique passwords

Passwords are your first line of defence. Avoid weak or re-used passwords by following the National Cyber Security Centre’s (NCSC) recommendation of using three random words (e.g., SunshineHeadphonesMagazine). For added protection, include symbols, numbers, or even Welsh words.

Using a password manager can also help securely store and manage complex passwords.


2. Enable two-factor authentication (2FA)

Two-factor authentication (also known as multi-factor authentication) adds a critical extra layer of security. Even if a password is compromised, 2FA prevents unauthorised access. Common 2FA methods include one-time codes sent via SMS, email, or authentication apps.


The NCSC provides guidance on how to set 2FA up for your email and social media accounts.


3. Regularly back up your data

Data backups are vital for business continuity, especially in the event of ransomware attacks, theft, or system failures.

  • Use encrypted and password-protected backups.

  • Keep backups isolated from your main network to ensure they’re not compromised in an attack.


4. Keep software up to date

Every piece of software or application your business uses can become a target for cybercriminals. Regularly updating and patching systems helps close security vulnerabilities that hackers exploit.

When setting up new devices:

  • Remove unnecessary pre-installed software.

  • Enable firewalls and install up-to-date antivirus software.


5. Ensure staff and employees are made aware of the risks

People can be one of our strongest defences against cybercrime but training them and giving them the tools to recognise attacks is crucial. The WCRC offers tailored cyber security awareness sessions designed to suit all knowledge levels. Delivered in easy-to-understand terms, these sessions use real-world examples to help employees recognise and respond to cyber threats confidently.


The WCRC offers free core membership to small businesses in Wales providing access to:

  • Practical cyber security guidance.

  • Threat updates.

  • Resources and toolkits.


Taking simple steps now can significantly reduce your business’s vulnerability to cyber-attacks. Protect your business, customers, and reputation by prioritising cyber security today.

For more information or to access tailored training, contact the WCRC.

 

Comments


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for Wales is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for Wales provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for Wales does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for Wales is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page