The 5 Biggest Cybersecurity Mistakes Midlands Businesses Are Making Right Now

Cybersecurity threats are on the rise, and small and medium-sized enterprises (SMEs) in the Midlands are at increasing risk. Many SMEs believe they are too small to be targeted, but cybercriminals often view them as easy prey due to their limited security measures. A single cyber-attack can cost a business thousands of pounds in damages, downtime, and reputational harm.

Here are the five biggest cybersecurity mistakes SMEs are making right now—and how to fix them.

  1. Failing to educate employees on cyber threats
  2. Using outdated software and systems
  3. Lack of data backup and recovery plans
  4. Weak access controls and lack of multi-factor authentication (MFA)
  5. Assuming cyber insurance is a substitute for cybersecurity

1. Failing to Educate Employees on Cyber Threats

One of the most common mistakes SMEs make is not providing sufficient cybersecurity training for employees. Many cyber threats, such as phishing attacks, rely on human error rather than sophisticated hacking techniques. According to the UK Government’s Cyber Security Breaches Survey 2024, 83% of security breaches involved human error.

Common issues:

  • Employees clicking on malicious links in phishing emails.
  • Weak passwords or password reuse.
  • Falling for business email compromise (BEC) scams.

How to fix it:

  • Conduct regular cybersecurity awareness training.
  • Implement strict password policies and encourage the use of password managers.
  • Test employees with simulated phishing exercises.

2. Using Outdated Software and Systems

Many SMEs continue to run outdated operating systems and software applications, leaving them vulnerable to cyber-attacks. Attackers exploit known, already-patched vulnerabilities in outdated software to gain unauthorised access to business networks.

Common issues:

  • Running outdated versions of Windows or macOS.
  • Using software that no longer receives security updates.
  • Delayed implementation of security patches.

How to fix it:

  • Enable automatic software updates where possible.
  • Regularly review and replace outdated software.
  • Use endpoint protection solutions to monitor devices for unpatched vulnerabilities.

3. Lack of Data Backup and Recovery Plans

Ransomware attacks are becoming increasingly common, and SMEs without proper IT backups can lose critical data permanently. A UK study found that 1 in 3 SMEs do not have an adequate data backup strategy.

Common issues:

  • No automated backup process in place.
  • Storing backups in the same location as the primary data.
  • Lack of regular testing for data recovery procedures.

How to fix it:

  • Implement automated, offsite backups.
  • Follow the 3-2-1 backup rule (three copies of data, two different media, one offsite copy).
  • Test data recovery procedures regularly to ensure backups are effective.

4. Weak Access Controls and Lack of Multi-Factor Authentication (MFA)

Many SMEs do not enforce strong IT access controls, making it easier for cybercriminals to exploit stolen credentials.

Common issues:

  • Sharing user credentials between employees.
  • Lack of role-based access controls (RBAC).
  • No multi-factor authentication (MFA) for critical systems.

How to fix it:

  • Require employees to use MFA for email, cloud platforms, and sensitive accounts.
  • Limit system access based on job roles.
  • Implement single sign-on (SSO) solutions where possible.

5. Assuming Cyber Insurance Is a Substitute for Cybersecurity

While cyber insurance can help mitigate financial losses, it is not a replacement for strong cybersecurity measures. Many SMEs believe having cyber insurance is enough to protect them, but most policies require businesses to meet specific security standards to qualify for a claim.

Common issues:

  • Relying on cyber insurance without implementing security measures.
  • Not meeting insurer security requirements, leading to denied claims.
  • Failure to conduct cybersecurity risk assessments.

How to fix it:

  • Treat cyber insurance as a last line of defence, not a primary security measure.
  • Regularly review and update security policies to meet insurer requirements.
  • Conduct annual cybersecurity risk assessments.

Secure Your Business with Link ICT

Cybersecurity threats are constantly evolving, and Derby SMEs cannot afford to ignore them. Link ICT provides tailored cybersecurity solutions to help businesses stay protected. Our services include:

  • Employee cybersecurity training to reduce human error.
  • Managed IT services to keep software updated and secure.
  • Cloud backup solutions to protect against ransomware attacks.
  • Multi-factor authentication (MFA) implementation to safeguard access.

Don’t let your business become another cybercrime statistic. Contact Link ICT today to discuss how we can secure your business from cyber threats.