There is a major belief that cyber-attacks only target large and multinational businesses, however, SMEs also face cyber threats in the form of phishing attacks or individuals disguised as customers to steal SMEs business information.

SMEs may not have the needed security investments to respond to cyber-attacks, however, they are required to enact certain measures to address them, most importantly raising awareness among their personnel and following appropriate procedures to protect against cyber threats.

In order to reduce the impact of cyber risks, SMEs can:

• Ensure that staff are aware of how to identify phishing scams and train them on cyber security best practice 
• Incorporate contractual protection in agreements with suppliers and customers and ensure clients are aware of cyber threat protection procedures
• Understand what data they collect from clients and hold, so they can undertake a data mapping exercise should a cyber-security incident take place.
• Actively role-play how they would respond to different types of cyber-attacks so that they are prepared when such incident actually occurs.
• Regularly Back up Data, prevent staff from accessing it, and dis-connect it from the device holding the original data
• Invest in software and hardware to ensure that any vulnerabilities are covered