Outdated, legacy IT systems and ever-increasing cyber threats are putting thousands of UK SMEs at risk of attack. The best defence is to make sure you have a modern IT infrastructure and a robust cyber security strategy in place. But where should you start?

2024 IT resilience

As many SMEs face tightening budgets and difficulty attracting and retaining skilled IT and cyber security professionals, this comprehensive blog outlines what to focus on and where to invest in 2024 to reduce risk. This will ensure you’re in the best position to future-proof your business and support long-term growth.

A challenging landscape for SMEs

Over the last 6 months, the threat landscape has got immeasurably worse. What we are seeing is backed up by the latest industry intelligence:

  • According to email security experts at Mimecast, 3 out of 4 companies have experienced an increase in email-based threats, with these attacks becoming increasingly sophisticated. Further to this, 97% have been targeted by email-based phishing attacks. From this, 20% of firms were compromised and received a ransomware demand; whilst 63% paid the ransom, less than 50% of those that paid recovered all data.
  • According to an industry study by The Diffusion Group, who surveyed small businesses, 60% of companies that lose their data close down within six months and 72% of businesses that suffer major data loss will go out of business permanently within 24 months.
  • It’s becoming increasingly difficult for SMEs to obtain cyber insurance without certain cyber security solutions in place. Insurers are now mandating that businesses implement robust cyber security measures before offering cover. 28% of SMEs that applied for cyber insurance in 2023 were denied cover and 96% had to purchase at least one new security solution before being approved by insurers.

With all of the above in mind, running outdated and unsupported systems presents an even more significant risk to businesses. According to StatCounter, Windows 10 is currently powering twice as many PCs as Windows 11, despite the fact there’s less than 18 months to go until it reaches end of support. However, it’s not just Windows 10 you need to consider; there are other industry-wide events and required updates. Because of this, Air IT are urging all businesses to assess their IT resilience without delay. Read on to find out more.

Below, CRO Spencer Lea gives his overview of the technology landscape in 2024.

Preparing for upcoming changes

Every business needs to prepare for the following changes before time runs out!

  • From February 2024, all businesses that send bulk email and take online card payments are required to authenticate the emails they send with DMARC (Domain-based Message Authentication, Reporting, and Conformance), an email authentication protocol that helps organisations prevent email spoofing and phishing attacks by providing a policy framework for email authentication, reporting, and enforcement. This includes emails sent via third-party email service providers like Mailchimp. In short, failing to do this will affect your email delivery rates, and your overall email sender reputation could be negatively affected.
  • Windows 10 will reach its end-of-life date on 14th October, 2025. To ensure your business can continue to receive critical updates and security patches, you must update to Windows 11 before this date!
  • The analogue, copper wire phone network (also known as the public switched telephone network, or PSTN) is being retired in December 2025, meaning you’ll no longer be able to use your landline phone. If you have other systems connected to your phone line, like alarms, telecare systems, CCTV, or even some half-hourly electricity meters, then they’ll stop working too. According to Openreach, there are 14 million lines and channels to upgrade across the UK, so don’t leave this until the last minute! Plan your migration to modern, digital lines as early as possible to avoid the rush for installation.

Whilst it may be tempting to wait until these deadlines approach, we recommend taking action now to avoid disruption, as increased demand may outstrip both supply and the resource and availability needed to upgrade.

Where else should SMEs focus their attention?

There are plenty of things SMEs can do to improve the condition of their IT and cyber security posture. Doing so will not only increase business resilience but could boost business efficiency by up to 50% according to Forbes.

By focusing on the following areas, SMEs can build a solid foundation that supports and protects their goals. The areas to consider are:

Infrastructure modernisation

Using unsupported software and systems exposes businesses to security vulnerabilities and potential data breaches due to a lack of critical updates and security patches. Additionally, unsupported software may lack compatibility with newer technologies, hindering productivity and efficiency. It’s also much harder to recover from a security breach if you have legacy IT and outdated backup solutions.

We’ve already covered upcoming changes to the analogue telephone network, and end of support for Windows 10. So, if you’re still running any of these technologies, then it’s time to replace or upgrade them. Doing this is not necessarily difficult or costly!

  • Before you move to digital phone lines, speak to your existing service provider to assess your current infrastructure, and identify any analogue lines you may be using. You can then select a suitable digital solution and plan your transition. At Air IT, we specialise in IT and business communication solutions. We will be more than happy to assist new or existing clients with this process.
  • If you’re still running any devices on the Windows 10 operating system, these will need to be upgraded to Windows 11 sooner rather than later. However, if any of these devices are out of warranty or over 3 years old, it may be more economical to buy a new device. At Air IT, we can support with upgrades and supply of hardware, including finance options and tech-as-a-service subscriptions.

If you’re running any other kind of legacy system, such as unsupported on-premise servers (e.g. Windows Server 2012), you could also consider migrating to the cloud. Cloud computing offers the advantage of continual updates, ensuring that users have access to the latest features, security patches, and performance enhancements without the hassle of managing on-premise servers.

Cyber security resilience

Cyber resilience refers to the proactive measures an organisation takes to protect itself against cyber threats. However, as many SMEs lack the knowledge and resources to manage cyber security effectively in-house, it can be particularly challenging to ensure the right level of protection is in place. Whilst there are many ways SMEs can protect against cyber risks, we recommend a multi-layered approach and advocate the following as a minimum baseline to ensure a robust security posture:

  • Cyber Essentials Plus – Cyber Essentials Plus certification helps SMEs mitigate cyber security risks by providing a robust framework for implementing essential security measures. By achieving this certification, SMEs demonstrate their commitment to protecting sensitive data, reducing the likelihood of cyber attacks, and enhancing trust with clients and partners. Reviewed annually, this framework provides a level of governance to ensure your business is continually reviewing and meeting minimum security standards as advised by UK Government and industry experts. As an IASME accredited Cyber Essentials Certification Body, Air IT will help you meet the 5 key controls and achieve certification.
  • Business-grade anti-spam – anti-spam software remains a critical component for cyber protection alongside regular, ongoing user awareness training. This can help to safeguard against potential security threats posed by malicious content or phishing attempts, thus ensuring smooth communication and protecting sensitive data.
  • Replace anti-virus with Endpoint Detection & Response (EDR) – Anti-virus software was originally developed in 1987 and in today’s world it’s outdated and not proactive enough to protect against the ever-evolving threat landscape. As zero-day threats increase, businesses must focus on solutions that have been built to combat and hunt the latest threats, such as Endpoint Detection & Response (EDR). It’s unlikely you will secure cyber insurance or Cyber Essentials Plus accreditation without it.
  • Access Management – Securing and protecting access to your data and applications is essential. At Air IT, we recommend a multi-layered approach using Conditional access and Multi-factor authentication (MFA). This means your users have to enter an additional passcode to access your systems, as well as their password, much like you do with your home banking applications. It also means they can only connect if they are on a device that has been ‘pre-registered’ as safe to connect.

Data Protection & Recovery

Whether your systems and data are located on-premise or in the cloud, you must ensure they can be recovered quickly in the event of a disaster. This means you need a fully documented and tested disaster recovery plan and a disaster recovery solution. This will allow your business to recover quickly, minimising data loss and downtime in the event of a disaster.

Whilst Microsoft 365 provides robust cloud services, it only backs up your data every 12 hours and retains it for just 14 days. It also does not guarantee protection against accidental deletion, data corruption, or malicious attacks such as ransomware. It is therefore essential to establish a software-specific backup solution that ensures critical data can be recovered in case of such incidents, preventing significant losses.

Don’t let ageing technology hold you back, act today!

To ensure your organisation is best placed to succeed, Air IT has developed an 8-point assessment to identify gaps and improvements to ensure your business is resilient in 2024 and beyond.

Air IT will assess your maturity in each of the 8 areas and provide recommendations on how, overall, you can ensure your IT infrastructure is up to scratch.

Contact us today or speak to your account manager, and we will be more than happy to help!
