Skip to main content
Tel:0330 400 5465

Small businesses are now the target of 43% of all cyberattacks.

Running a business is a demanding and sometimes risky endeavour. Every day has a new obstacle, and often it can seem like the pressure and doubt are overwhelming. That’s when you remember why you took the risk—the joy of achieving your own goal – and you persevere. 

Your business can require a lot of dedication, making it almost like another home for you. And just as you safeguard your actual home with a current security system and reliable locks, it’s essential to update cybersecurity for your business.  

Small businesses are now the target of 43% of all cyberattacks, and unfortunately, more than half of them will go out of business for good within six months of the attack.1 That’s why we decided to offer Microsoft Defender for Business with every subscription to Microsoft 365 Business Premium—because every business should have access to comprehensive security of enterprise quality. 

It’s always our ambition to make technology an equalizer, to enable a small business to compete with a larger business with the power of technology and close that gap. 

  • Brad Smith, Vice Chair and President at Microsoft 

Microsoft President Brad Smith and SBA Administrator Isabella Casillas Guzman had a fireside chat at the Small Business Cyber Summit in October 2022 as part of Cybersecurity Awareness Month. They talked about how SMBs can improve their cybersecurity on a tight budget. 

  1. Monitor everything around the clock with Microsoft Cloud capabilities

In his conversation with Administrator Guzman, Brad Smith emphasised how switching to cloud-based security benefits your business by making protection easier to manage. “If everyone is just running their software on their own hardware in their own premises, it means you have to take care of all that hardware,” Brad Smith said. “But if you move to the cloud, that becomes our responsibility. 

The Microsoft Cloud currently tracks and analyses 43 trillion threat signals daily.2 That includes 35 ransomware families, and more than 250 unique nation-states, cybercriminals, and other threat actors. Sign up to our webinar to learn more. 

That enormous breadth and depth of protection is built into Microsoft 365 Business Premium. It delivers enterprise-grade protection against viruses, spam, unsafe attachments, suspicious links, and phishing attacks. You’ll also get constant protection against ransomware and malware attacks across your devices, along with antivirus and endpoint detection and response capabilities built in. That way, you can focus on making your business a success rather than chasing down cyberthreats. 

  1. Update the locks with Defender for Business

We often feel motivated to change old locks or install a security light (or more) when there are burglaries in the area. Likewise, protecting your business from cyberattacks starts with one simple step – updating your existing systems.  

Also, make sure your business maintains an up-to-date IT inventory. With the move to remote and hybrid work, the phenomenon of bring-your-own-device (also referred to as “BYOD”) is now common. Using more devices, especially from home networks, creates a larger attack surface with more endpoints and potential vulnerabilities. As part of Microsoft 365 Business Premium, Defender for Business has threat and vulnerability management built-in, allowing you to secure multiple devices with a single tool. 

Regular data backups can help businesses defend themselves. Ransomware attacks rose by 300 percent in 2024.3 Ransomware as a service (RaaS) reveals that attackers are now operating like normal businesses.4 But regular backup copies of your vital files can stop ransomware attacks on your business data. Setting up automated backups can help your business use resources efficiently and prevent possible human mistakes. 

  1. Hide your keys well with multifactor authentication

We often hide a spare key under a rock or plant, but never under the mat. That’s how passwords work too: if it’s easy, it’s not safe. “It shouldn’t be ABC123,” Administrator Guzman said. But a survey found that many people still use “password” and “Qwerty” as their passwords.5 Cybercriminals can easily break in with a technique called password spray.6 They get a list of accounts and try out common passwords until they find one that works. Since many businesses name their employees similarly (for example,, attackers can guess half of your login details from your website. 

Many internet browsers, such as Microsoft Edge, have a built-in password generator that will make—and store—a strong password for you. Or you can choose to get rid of passwords completely with a solution like Windows Hello or FIDO2 security keys that allow users to log in using biometrics or a physical key or device. If you can’t go passwordless, multifactor authentication, also known as two-factor authentication, is your best option to create secure access for your business.  

Multifactor authentication asks users to confirm their identity through another factor, such as a one-time password (OTP) sent by email or text message. Other verification factors include answering personal security questions or using face or voice recognition. 

  1. Don’t open the door to just anyone, defend against phishing

Video doorbells are popular for a good reason—opening the front door without knowing who’s there is risky. Likewise, every business should keep up with the latest phishing scams and social engineering scams that malicious actors use to try to get access to your business. 

By 2024, malware (22 percent) and phishing (20 percent) remain the main sources of cyberattacks.7 Threat actors know that humans are the vulnerable part—85 percent of breaches involve a human factor—and they are increasing the number and complexity of their attacks.8 However, most phishing emails still use familiar “triggers” that we can all recognize and avoid, such as: 

  • Request for user credentials or payment InformationNever click the link. Instead, type the business’ URL into your browser and go to your account directly. 
  • An unfamiliar tone or greeting. Phishing emails are often created offshore, so look for irregular syntax or tone that’s too formal, too familiar, or an odd mix of both. 
  • Grammar and spelling errors. Legitimate businesses take time to proofread their emails before sending them. 
  • Inconsistent email address or a “lookalike” domain name. A phishing email address or domain will usually be slightly off (for example, instead of 
  • Threats or a sense of urgency. Scammers often try to scare you into clicking the link with headlines like: “Update your account information now or lose access!” If in doubt, type the URL in your browser and go to the site directly. 
  • Unrequested attachments. If you weren’t expecting an email from this sender, don’t click the attachment. Instead, open a new email (don’t respond) and inquire if the email and attachment are genuine. 

When you receive a phishing email (we all do), remember to report it to us. 

  1. Stay informed about how to prevent break-ins with SMB security trainings

Local police and neighborhood watch groups teach residents how to prevent break-ins and secure their homes. Your business size doesn’t matter; you can also find cybersecurity resources.11 The SBA has best practices for avoiding cyberattacks,12 a cybersecurity planning tool13 and ongoing cybersecurity events14 for your area. Even if you work alone, you should keep updating your cybersecurity skills, just like the threat actors do.   

We are proud to be Microsoft Solution Partners, which shows that we have proven skills in implementing Microsoft technology for customers. To earn this status, a company must show its technical ability, customer testimonials, and project success, as well as fulfilling many other criteria, highlighting our industry knowledge.  

When it comes to organising your security, partnering with CSG ensures you are on the right path. 

CSG is here for you 

CSG, together with Microsoft’s software, has your back.  

5,547,000 qualify as either small or medium businesses, meaning that 99.05% of UK businesses are Small to Medium Enterprises (UK GOV). 

Be sure to take advantage of CSG & Microsoft’s free security consultation, which includes actionable, data-driven insights into the security vulnerabilities in your environment. If you don’t want to wait until then, set up your FREE IT AUDIT with CSG today. 

To learn more about Microsoft Security solutions by signing up to our webinar, hosted with Illuminate Learning LTD: 

1Why small businesses are vulnerable to cyberattacks, Linda Comerford, May 25, 2022. 

2Cyber Signals: Defend against the new ransomware landscape, Microsoft. August 22, 2022. 

3DHS secretary warns ransomware attacks on the rise, targets include small businesses, Luke Barr. May 6, 2021. 

4Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself, Microsoft. May 9, 2022. 

5These are the 20 most common passwords leaked on the dark web—make sure none of them are yours, Tom Huddleston Jr. February 27, 2022. 

6Protecting your organization against password spray attacks, Microsoft. April 23, 2020. 

750 Phishing Stats You Should Know In 2022, Caitlin Jones. September 7, 2022. 

8Alarming Cyber Statistics For Mid-Year 2022 That You Need To Know, Chuck Brooks. June 3, 2022. 

9Microsoft launches Defender for Business to help protect small and medium businesses, Microsoft. May 2, 2022. 

10Server security made simple for small businesses, Jon Maunder. November 8, 2022. 

11Shields Up guidance for all organizations, CISA. 

12Strengthen your cybersecurity, SBA. 

13Cyberplanner, FCC. 

14Find cybersecurity events, SBA. 

15How Small Businesses Drive The American Economy, Martin Rowinski. March 25, 2022. 


Related Content

12 Jun
CSG News

Active Gloucestershire partners with CSG to repurpose old laptops for community benefit

19 Jan
CSG News

9 ways Microsoft Copilot helps you become a Master of Meetings

05 Oct

Benefits of a Cyber Security Risk Assessment