Do Small businesses need to think about Cyber Security?

Significant financial damage and data losses are something that are gaining increasing exposure in the United Kingdom.

18/08/2019 – Toni Dines

Databox specalise in consulting small business throughout the UK to ensure that that are not missed in protecting their businesses, operations and financial security with the growing risk of cyber attack and ransomware in the digital age. Toni Dines, Founder of Databox 360 who has worked with small to Medium SME business on their risk exposure for the last 15 years shares her views on the impact of cyber threats that small businesses are exposed to. He views on why data protection, understanding hackers and system integrity is vitally important in the 21st century.

Hackers do not only target large, refined corporate entities they are focusing on businesses with weak or no cyber security in place whatsoever. These small businesses are often cash rich with operational and financial responsibility resting with one a few people in the business. They may not have the time to be as diligent against attacks as someone just focusing on one aspect of an operational requirement.

Small businesses are also very exposed and persistent on social media platforms given that this can often be a very important aspect of their marketing efforts and business development opportunities to grow their companies. This makes the small company an easy target for email phishing, SMS phishing and website breach.

These smaller entities are keen to write new business and develop new relationships so a phishing email with an attachment linked to their products or services could work really well. “Please find attached attachment outlining what products we would like a quotation for from your website”.

In 2018, the Cyber Security Breaches Survey noted that nearly half (43%) of all UK businesses had reported a cyber attack or data breach of some sort. An attack of this nature can be extremely damaging to a small or medium SME with the average cost to recover from such an attack being between £3,000-£9,000 per occurrence.

Many small businesses may have also felt that their adaptation to the new GPDR regulations was enough to ensure their data security but in reality, this simply isn’t the case. As well as adhering to the GDPR regulations, small businesses also have to report any breaches of data to the Information Commissioner’s Office. Unfortunately, again this means that as a result of these notifications businesses are exposed to being fined for failures on their part.

If the data breach is significant enough, the Information Commissioners office can even take steps to ensure that small companies are prevented from processing data in the figure being completely damming and finite.

There are simple ways that a small business can ensure the integrity of their data within a business and ensure it’s security.


  • Free Health-Check to establish exactly what exposures you do and don’t have within the business
  • Outsourced Data Protection Officer- You can obtain a Data Protection Officer as a ‘Service’ which is something becoming increasingly used by small firms.
  • Implementation of Effective Ransomware Security
  • Obtaining cyber Essentials Coverage alongside Cyber Insurance protection should the worst happen


Understanding that you can never be totally safe is important for small businesses as you will need to always remain fully aware to potential attempts at breach.  Most online attacks can be prevented or detected with very basic security practices for people, processes and your IT systems. Simple as locking doors, and putting your money in a bank, by locking computers, learning the types of phishing to avoid, implementing two stage identification on systems and hiring a cost effective DPO on tap, you can reduce the risk significantly.