New Cybersecurity Laws – But Many SMEs Are Still Vulnerable to Hacking, Phishing and Ransomware

Six-Point Cybersecurity Checklist
New cybersecurity laws are due later this year – but too many SMEs are still leaving obvious gaps that hackers could exploit, warn IT experts.
The recently announced Cyber Security and Resilience Bill would compel data centres, Managed Service Providers and critical suppliers to ensure their IT defences were sufficiently robust.
But this move to safeguard supply chains and critical services does not absolve SMEs of their responsibilities, warns cybersecurity and IT productivity specialist PSTG Ltd, a Microsoft Gold Partner.
PSTG Managing Director Enzo Daniele said: “We carry out many cybersecurity audits to help protect small and medium-sized companies from hacking, phishing and ransomware attacks.
“Sadly, many SMEs often make basic security mistakes when configuring their Microsoft 365 tools. These errors create vulnerabilities that hackers could easily exploit.
“We help to protect SMEs by offering a different and more cost-effective solution. Unlike many other IT suppliers – which focus on selling SMEs the next IT tool – we help firms to stay secure and boost growth by ensuring they get the best protection from the software they already have,” he added.
SMEs can make a positive start by checking their IT systems for the following vulnerabilities:
1. Insufficient Access Controls
- Consequence: Over-broad access lets users (or an attacker who compromises one account) reach data they have no business need for, leading to unintended exposure and breaches of sensitive information.
- Solution: Implement robust controls in Microsoft Entra ID (formerly Azure Active Directory) to ensure that only authorised users have access to specific data and systems.
2. Lack of Multi-Factor Authentication (MFA)
- Consequence: Relying solely on passwords increases the risk of unauthorised access through compromised credentials.
- Solution: Mandate Multi-Factor Authentication across the organisation to add an additional layer of security, significantly reducing the chances of unauthorised access.
3. Improper Data Loss Prevention (DLP) Policies
- Consequence: Without effective DLP, there is a high risk of leaks and breaches of sensitive information. This could lead to compliance violations and reputational damage.
- Solution: Regularly review and update DLP policies to align with the latest data protection standards and regulatory requirements – preventing sensitive data from being mishandled or inadvertently shared.
4. Default Security Settings
- Consequence: Default settings are chosen for broad compatibility rather than for the specific needs of the business, so leaving them unchanged can leave systems vulnerable to attack.
- Solution: Adjust security settings to meet the organisation’s specific requirements. Update security configurations regularly to respond to emerging threats.
5. Neglecting Regular Updates and Patch Management
- Consequence: Older versions of software may contain exploitable vulnerabilities, exposing the organisation to cyberattacks such as ransomware.
- Solution: Implement a rigorous protocol for the regular updating of software and the application of security patches to protect against known vulnerabilities.
6. Poor Email Security Practices
- Consequence: Inadequate email security can lead to more phishing attacks and malware distribution, endangering the entire network.
- Solution: Use Microsoft 365’s built-in security features, such as anti-phishing and anti-spam tools, to enhance email security. Teach employees how best to identify suspicious emails.
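As an added illustration of how items 1 and 2 above can be checked in a Microsoft 365 tenant (an example script written for this page, not PSTG's own audit tooling), the following PowerShell uses the Microsoft Graph PowerShell SDK to list every Conditional Access policy and report whether an enabled policy requires MFA for all users on all cloud apps, or whether Security Defaults cover that baseline instead. It assumes the Microsoft.Graph module is installed and that the signed-in account is permitted to read policy settings.

```powershell
# Added example (not PSTG's tooling). Needs: Install-Module Microsoft.Graph
# and an account able to consent to the Policy.Read.All permission.
Connect-MgGraph -Scopes "Policy.Read.All"

# True when a policy is enforced (not report-only), grants "mfa",
# and is scoped to all users and all cloud apps.
function Test-MfaBaselinePolicy {
    param($Policy)
    return ($Policy.State -eq "enabled") -and
           ($Policy.GrantControls.BuiltInControls -contains "mfa") -and
           ($Policy.Conditions.Users.IncludeUsers -contains "All") -and
           ($Policy.Conditions.Applications.IncludeApplications -contains "All")
}

$policies = Get-MgIdentityConditionalAccessPolicy

# One row per policy so the auditor can see state, MFA requirement,
# scope and how many accounts are excluded (exclusions are a common gap).
$report = foreach ($p in $policies) {
    [pscustomobject]@{
        Policy      = $p.DisplayName
        State       = $p.State   # enabled / disabled / enabledForReportingButNotEnforced
        RequiresMfa = [bool]($p.GrantControls.BuiltInControls -contains "mfa")
        Users       = ($p.Conditions.Users.IncludeUsers -join ",")
        Apps        = ($p.Conditions.Applications.IncludeApplications -join ",")
        Exclusions  = @($p.Conditions.Users.ExcludeUsers).Count
    }
}
$report | Sort-Object State, Policy | Format-Table -AutoSize

$baselineMet = @($policies | Where-Object { Test-MfaBaselinePolicy $_ }).Count -gt 0

# Caveat: tenants without Conditional Access licensing often rely on
# Security Defaults, which also enforce MFA. Check that before reporting a gap.
$securityDefaults = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy

if ($baselineMet) {
    Write-Host "OK: an enabled Conditional Access policy requires MFA for all users and all apps."
} elseif ($securityDefaults.IsEnabled) {
    Write-Host "OK: Security Defaults are enabled, so MFA is enforced tenant-wide."
} else {
    Write-Warning "GAP (checklist item 2): no enforced MFA baseline found in this tenant."
}

Disconnect-MgGraph | Out-Null
```

Review the Exclusions column as carefully as the overall verdict: break-glass accounts are a legitimate exclusion, but a long exclusion list quietly undoes the policy for the accounts listed.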
PSTG carries out all this work – and more – to ensure that SMEs stay safe from cyberattacks. The configuration improvements also enable firms to maximise productivity so they can focus on boosting growth.
PSTG provides enterprise-level IT expertise at an SME price point. Its accreditations include:
- ISO 27001 – the internationally recognised standard for information security management systems.
- Cyber Essentials Plus – the government-backed certification that offers a rigorous assessment of an organisation’s cybersecurity controls through independent technical testing and audits.
London-based PSTG is also a Crown Commercial Service supplier, helping the healthcare sector to safeguard critical medical data.
For further information on how to improve online security and boost productivity through better use of IT, contact PSTG.