So here’s something that isn’t talked about enough. Ask UK SME owners what keeps them up at night and you’ll learn about cash flow, staffing and perhaps the economy. Nobody says “our firewall configuration”. Funny, that.
Then one Wednesday morning the WiFi goes out and suddenly it’s all anyone can talk about. Imagine that.
Suppose hackers have bigger fish to fry
Many business owners across the UK assume that cybercriminals only care about the big corporations. Makes intuitive sense, right? Go where the money is. Unless it’s wrong. The government’s cyber security breach survey found that 43% of organizations reported a breach or attack over a 12-month period. Forty-three percent. This also includes the very little ones.
And honestly? Most of the time the attacks aren’t even clever. Phishing emails. Dodgy links. Passwords that have not been changed since 2019. Basically opportunism. The digital equivalent of trying out car doors in a parking lot to see which ones are unlocked.
Only call for help if something breaks
Look, this one is probably the most common and also the most expensive in the long run. Many small businesses treat IT support like they would treat a locksmith. You don’t think about her until you’re locked out.
The problem with that? Things don’t just break. By the time anyone notices, there are already lost files, exposed data, and an entire afternoon where no one can access the shared drive. Mustard IT in London is a provider that has completely moved away from this problem-solving model and instead focuses on ongoing monitoring. Which, to be fair, sounds less dramatic than emergency calls. But the boring prevents the dramatic.
Anyway. Let’s move on.
Forgetting that people are the weak link
Buy the best antivirus on the market. Install a suitable firewall. Set up two-factor authentication for everything.
Then watch someone on the team click “Enable Macros” on a spreadsheet attachment from an email address they don’t recognize.
Staff training is constantly neglected. The Federation of Small Businesses drew attention, noting that small businesses are lagging behind in digital training and many owners aren’t sure where to start. It doesn’t have to be a one-week course. A quick session every few months to spot suspicious emails would be a huge improvement. The bar really is that low.
Backups that only exist theoretically
This would almost be funny if it weren’t so common. A company sets up automated backups, expects them to work smoothly, and then, when an actual disaster occurs, discovers that nothing has been properly backed up for weeks.
Nobody checks. That’s the whole problem. There is a useful article in BM Magazine about exactly this gap between “something being there” and what actually works. It’s worth a read if this sounds familiar.
Outgrowing the setup without realizing it
Five employees. A simple router, a shared Google Drive, maybe a NAS box from Amazon. Works well.
Three years later. Thirty employees. Same router. Same filing structure. Shared logins that four people who have since left the company still technically have access to. Essentially held together with hope.
Nobody plans that. Growth is creeping up and the IT budget is not growing with it. Then one morning the whole thing collapses, and rebuilding it from scratch costs about three times what it would have cost if it had been sorted earlier. Classic.
Anyway. None of it is groundbreaking, which is kind of depressing. Same mistakes, different year. Maybe just check that the backups are actually running?
