How to protect your business from a cyber attack

Cyber attacks aren’t just something that happens to big corporations. If you think your small or medium-sized business is too small to be a target, think again.

In the last few months alone, major brands like M&S and Co-op have been hit by cyber attacks that disrupted customer services and exposed vulnerabilities. But while those names make headlines, the silent victims are often SMEs, and the impact can be devastating.

According to the UK Government’s Cyber Security Breaches Survey, over a third (32%) of small businesses experienced a cyber attack or data breach in the last 12 months. That jumps to 59% for medium-sized businesses. And for many of those businesses, the fallout wasn’t just technical, it was financial, reputational and operational.

The reality is: SMEs are prime targets, often because they lack the security infrastructure of larger organisations. Cyber criminals know this. And they’re getting smarter.

So, what can you do to protect your business?

6 steps to protect your business from a cyber attack

1. Start with the basics

• Use strong, unique passwords and change them regularly.

• Implement two-factor authentication (2FA) for all accounts—this one step can block most unauthorised login attempts.

• Install reputable antivirus and anti-malware software on all devices.

These aren’t just IT department tasks. As a business owner, you need to set the standard from the top down.

2. Train your team

Your people are your biggest asset, and potentially your biggest risk.

Most cyber attacks start with a simple mistake: someone clicking a phishing email, downloading a fake invoice, or using the same password across multiple platforms. Regular training can stop these errors before they happen.

Invest in staff awareness training at least once a quarter. Even short, simple sessions can make a difference.

3. Back up everything (and test it!)

Ransomware attacks are on the rise. They lock you out of your own systems until a ransom is paid—and even then, there’s no guarantee your data will be returned.

Regular, automated backups can be a lifesaver. Store them securely, preferably offsite or in the cloud, and test your backup system to make sure it works.

4. Stay updated

When your computer or software tells you there’s an update available, that’s not just about new features, it often includes critical security patches.

Delaying updates leaves your system vulnerable to known threats. Make it policy to update all systems, software, and plugins as soon as possible.

5. Assess your supply chain

The M&S and Co-op breaches both stemmed from vulnerabilities in third-party providers. That’s a warning sign for all businesses relying on external platforms.

Ask your suppliers and software providers:

• What are their cyber security protocols?

• Do they encrypt your data?

• How do they handle breaches?

It’s your data and your business on the line—even if the breach happens elsewhere.

6. Get a cyber health check

Not sure where your risks are? Start with a cyber risk audit. You don’t need to be an IT expert, you just need the right support.

At A4G, we can help you assess your systems, policies, and processes, and connect you with trusted partners who specialise in SME cyber protection. Prevention is far cheaper than cure.