Times of crisis are fertile hunting ground for cyber-criminals. The last few months have seen a spike in social engineering and phishing scams, adding new threats to the already considerable security hurdles that smaller businesses face on a daily basis. And with more companies of all sizes conducting business online and working remotely, there is a naturally greater risk from all kinds of cyber-related harm.

The good news is there is some basic housekeeping that can help protect SMEs against these risks. On the technical side, businesses should ensure software and any online services are patched to the latest version and prioritise the installation of security updates. Most modern devices have encryption as standard, but sometimes it isn’t enabled; SMEs should ensure encryption is active and that multi-factor authentication (MFA) is enabled for as many services as possible.

And on the human side, employees should receive training and regular reminders on how to spot suspicious emails and keep their physical and virtual surroundings secure. Processes and channels should also be in place allowing staff to quickly report suspicious emails and potential attacks.

We may be in this situation, or a version of it, for some time to come. Businesses must understand how attackers are exploiting that fact, and ensure their employees have the knowledge, capabilities and support to play their part in reducing business and cyber risks.