          43% of businesses with 10–49 staff hit by a breach in 2025

          £15,300 average cost of a cyber attack for a UK SME

          85% of breaches start with a phishing email

          £3.4bn lost by UK SMEs to cybercrime every year

          Source: UK Government Cyber Security Breaches Survey 2025 & Vodafone UK Business Report 2025.

          01

          SMEs are not too small to be attacked

          The common mistake is thinking attackers choose targets like a salesperson chooses prospects. They do not. A lot of attacks start with scanning, stolen credentials, reused passwords and fake login pages.

          That is why a 25-person accountancy firm, a small manufacturer or a primary school can be a good target. The attacker is not always looking for a famous name. They are looking for an easy path: a Microsoft 365 account without MFA, an exposed remote access service, a firewall rule nobody remembers creating or a backup repository that ransomware can reach.

          46% of small UK businesses identified a cyber breach or attack in 2025/26.

          65% of medium UK businesses identified a breach or attack in 2025/26.

          29% of affected businesses said they experienced breaches or attacks at least weekly.

          25% of UK businesses had a formal incident response plan in place.

          We see the same pattern when reviewing live environments. The business has bought tools, but nobody has checked whether the boring parts are right. Microsoft 365 exists. Conditional Access is not enforcing what people think it is. A firewall exists. The firmware is old. A backup job exists. Nobody knows when the last restore test happened.

          Cyber security for SMEs is not about buying the most expensive platform first. It is about closing the obvious gaps and checking them regularly.

          Cyber breach rates by business size

          Micro businesses: 42%
          Small businesses: 46%
          Medium businesses: 65%
          Large businesses: 69%

          Source: GOV.UK Cyber Security Breaches Survey 2025/26.

          Cyber Breach Rates for UK SMEs by Size

          As SMEs grow, cyber risk usually increases too. More users, devices, suppliers and cloud services create more opportunities for phishing, data breaches and account compromise.

          Source: UK cyber security and SME breach reporting.

          02

          What attackers actually do

          The attack does not usually start with someone smashing through a firewall. It starts with something smaller and duller.

          They steal a login

          Phishing hit 38% of UK businesses.

          The user is shown what looks like a Microsoft 365 sign-in page, enters their password and the attacker gets into the mailbox. The next step is often mailbox rules, supplier impersonation, invoice changes or a password reset on another system.

          What stops it: MFA, Conditional Access, user training, alerting for risky sign-ins and mailbox rule monitoring.
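Mailbox rule monitoring is the check most SMEs never automate, so the following is an added example (not code from the original page or from Remedian) of what it looks like in practice. It audits a constructed export of inbox rules for the two patterns that usually follow a phished Microsoft 365 account: rules that forward or redirect mail to an outside address, and rules that quietly delete or file away invoice and payment mail so the real user never sees it. The domain list, folder names and sample rules are assumptions made up for the example; the field names are a simplification of what a mail platform's rule export contains.

```python
"""Audit an export of mailbox inbox rules for the patterns that usually follow
a phished Microsoft 365 account: forwarding to outside addresses and rules
that hide finance-related mail from the real user."""
from dataclasses import dataclass, field
from typing import Optional

# Assumed accepted domains for the organisation (constructed for this example).
INTERNAL_DOMAINS = {"example.co.uk", "example.com"}

# Subject words that tend to be hidden from the mailbox owner during invoice fraud.
SUSPICIOUS_KEYWORDS = ("invoice", "payment", "bank", "password", "mfa")

# Folders a user rarely reads; mail moved here is effectively hidden.
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "deleted items",
                  "junk email", "archive", "conversation history"}


@dataclass
class InboxRule:
    """One rule as it might appear in a simplified export from the mail platform."""
    mailbox: str
    name: str
    enabled: bool = True
    forward_to: list = field(default_factory=list)
    redirect_to: list = field(default_factory=list)
    subject_contains: list = field(default_factory=list)
    delete_message: bool = False
    move_to_folder: Optional[str] = None


def is_external(address: str) -> bool:
    """True when the address is outside the organisation's own domains."""
    domain = address.rsplit("@", 1)[-1].lower()
    return domain not in INTERNAL_DOMAINS


def audit_rule(rule: InboxRule) -> list:
    """Return the findings for one rule; an empty list means it looks benign."""
    findings = []
    if not rule.enabled:
        return findings  # a disabled rule cannot act, though it is still worth tidying up

    external = [a for a in rule.forward_to + rule.redirect_to if is_external(a)]
    if external:
        findings.append("forwards or redirects mail outside the organisation: "
                        + ", ".join(external))

    hides_mail = rule.delete_message or (
        (rule.move_to_folder or "").lower() in HIDING_FOLDERS)
    flagged = [s for s in rule.subject_contains
               if any(k in s.lower() for k in SUSPICIOUS_KEYWORDS)]
    if hides_mail and flagged:
        findings.append("hides messages whose subject contains: " + ", ".join(flagged))

    if len(rule.name.strip()) <= 2:
        findings.append("rule name is blank or a single character")

    return findings


def audit_rules(rules) -> dict:
    """Map (mailbox, rule name) to findings for every rule that raised at least one."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[(rule.mailbox, rule.name)] = findings
    return report


# Constructed sample export: four rules across four mailboxes.
SAMPLE_RULES = [
    InboxRule("alice@example.co.uk", "Client updates",
              subject_contains=["project"], move_to_folder="Clients"),
    InboxRule("bob@example.co.uk", ".",
              forward_to=["bob.finance@mail-example.test"]),
    InboxRule("carol@example.co.uk", "Hide invoices",
              subject_contains=["Invoice", "payment"], delete_message=True),
    InboxRule("dave@example.co.uk", "Old forward", enabled=False,
              forward_to=["dave@mail-example.test"]),
]

if __name__ == "__main__":
    for (mailbox, name), findings in audit_rules(SAMPLE_RULES).items():
        print(f"{mailbox} / rule '{name}':")
        for finding in findings:
            print("  -", finding)
```

Run against a real export, the report is the list a reviewer works through with the mailbox owner: an external forward the user did not create, or a rule that deletes anything mentioning invoices, is a compromised account until proven otherwise, and the rule is removed only after the sign-in history has been checked.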

          They find an old door

          Legacy remote access is still a problem.

          Old VPN users, exposed remote desktop, stale firewall objects and forgotten admin accounts are common. They survive because every change feels risky, so nobody tidies up.

          What stops it: firewall review, disabled old accounts, VPN MFA, patching and proper admin separation.

          They hit a supplier

          Your risk includes the people you depend on.

          Your IT provider, payroll system, finance platform, cloud storage and line-of-business software all matter. If they have access to your data, they are part of your risk.

          What stops it: supplier access review, MFA, named contacts, written process and offboarding checks.

          The main breach types in the GOV.UK survey

          Attack type     Among all businesses   What it means in practice
          Phishing        38%                    Staff receive fraudulent emails or land on fraudulent websites.
          Impersonation   12%                    Attackers pretend to be staff, suppliers or known organisations.
          Malware         7%                     Malicious software lands on a device or system.
          Ransomware      1% of all businesses   Lower reported frequency, much higher disruption when it works.

          Source: GOV.UK Cyber Security Breaches Survey 2025/26.

          03

          The mistakes we keep seeing

          Most cyber gaps are not exotic. They are admin gaps. They come from years of staff changes, rushed projects, old suppliers, untested assumptions and nobody owning the boring checks.

          MFA is only partly enabled

          A few users have MFA. Admins are missed. Break-glass accounts are not documented. Legacy mail protocols that cannot enforce MFA are still enabled. This gives everyone false confidence.

          Offboarding stops too early

          The account is disabled in one place, but not everywhere. Entra ID, mailbox delegation, shared mailboxes, VPN access, third-party SaaS apps and local admin rights all need checking.
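The point above is that a leaver check has to cover every system, not the one where the account was disabled. As an added example (not code from the original page or from Remedian), the script below reconciles a leavers list against constructed exports of the places listed: enabled Entra ID accounts, mailbox delegation, shared mailbox membership, VPN users, SaaS app users and local admin groups. Every inventory, username, mailbox and device name is made up for the example; in practice each set is pulled from the relevant admin console.

```python
"""Reconcile a leavers list against every place access can linger.
Each inventory below is a constructed export; in practice they come from
Entra ID, the mail platform, the VPN, each SaaS admin console and the
endpoint management tool."""
from datetime import date

# Leavers and their last working day (constructed).
LEAVERS = {"j.smith": date(2025, 1, 31), "k.jones": date(2025, 3, 14)}

# Date the review is run (constructed, fixed so the report is repeatable).
REVIEW_DATE = date(2025, 6, 1)

# Each inventory lists the usernames that still have access (constructed).
ENTRA_ENABLED = {"k.jones", "a.brown"}                                  # sign-in enabled
MAILBOX_DELEGATES = {"finance@example.co.uk": {"j.smith", "a.brown"}}   # Full Access / Send As
SHARED_MAILBOX_MEMBERS = {"sales@example.co.uk": {"k.jones", "a.brown"}}
VPN_USERS = {"j.smith", "a.brown"}
SAAS_USERS = {"Payroll portal": {"k.jones"}, "CRM": {"a.brown"}}
LOCAL_ADMINS = {"LAPTOP-07": {"j.smith"}, "LAPTOP-12": {"a.brown"}}


def residual_access(username: str) -> list:
    """Every system where a single user still appears."""
    found = []
    if username in ENTRA_ENABLED:
        found.append("Entra ID account still enabled")
    for mailbox, delegates in MAILBOX_DELEGATES.items():
        if username in delegates:
            found.append(f"delegate on mailbox {mailbox}")
    for mailbox, members in SHARED_MAILBOX_MEMBERS.items():
        if username in members:
            found.append(f"member of shared mailbox {mailbox}")
    if username in VPN_USERS:
        found.append("VPN user still present")
    for app, users in SAAS_USERS.items():
        if username in users:
            found.append(f"account in {app}")
    for device, admins in LOCAL_ADMINS.items():
        if username in admins:
            found.append(f"local admin on {device}")
    return found


def offboarding_report(leavers: dict, today: date) -> dict:
    """Map each leaver with residual access to (days since leaving, findings)."""
    report = {}
    for username, last_day in leavers.items():
        findings = residual_access(username)
        if findings:
            report[username] = ((today - last_day).days, findings)
    return report


if __name__ == "__main__":
    for user, (days, findings) in offboarding_report(LEAVERS, REVIEW_DATE).items():
        print(f"{user}: left {days} days ago, still has access:")
        for finding in findings:
            print("  -", finding)
```

In the sample data j.smith's Entra ID account was disabled correctly, which is exactly the case the text describes: the mailbox delegation, VPN user and local admin rights were never touched, and only a check that reads every inventory finds them. The days-since-leaving figure is what turns the list into evidence for an auditor or insurer.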

          Backups are assumed, not tested

          A backup job marked successful is not the same as a restore. For business-critical systems, someone needs to prove data can be recovered.

          Firewalls are treated as set-and-forget

          Rules get added during emergencies and never removed. Firmware falls behind. VPN accounts remain active. Logs are ignored until something breaks.

          The skills gap is real

          GOV.UK research found that 49% of UK businesses had a basic technical cyber security skills gap. That means they were not confident in at least one basic task, such as setting up firewalls, managing personal data securely or detecting malware.

          This is not a failure of the business owner. It is the result of IT becoming too broad to manage by memory and goodwill.

          Source: GOV.UK Cyber Security Skills in the UK Labour Market 2025.

          04

          What we check first

          A useful cyber review does not start with a product demo. It starts with identity, backups, devices, firewall rules and admin rights. Those are the places where real failures usually live.

          Microsoft 365 and Entra ID

          We check MFA, Conditional Access, legacy protocols, admin roles, mailbox forwarding, risky sign-ins, shared mailbox access and stale accounts.

          Backup and recovery

          We check what is backed up, where it is stored, who can delete it, when it last ran and whether a restore has been tested.

          Firewall and remote access

          We review Fortinet, Sophos and other firewall setups, including firmware, rules, VPN users, exposed services and logging.

          Endpoint protection

          We check device patching, antivirus, Huntress or managed detection coverage, local admin rights and unmanaged devices.

          Cyber Essentials readiness

          We map your setup against the five Cyber Essentials controls before you pay for certification and discover problems late.

          School-specific controls

          For schools, we also check filtering and monitoring, MIS access, staff offboarding, guest networks, BYOD and evidence for DfE standards.


          05

          The controls every SME needs

          You do not need every cyber product on the market. You need the basic controls working properly, and you need someone to keep checking them.

          Control                      UK business adoption in 2025/26   What to check
          Updated malware protection   81%                               Coverage on every device, not just most devices.
          Cloud backup                 74%                               Restore testing and protection from deletion.
          Password policies            74%                               MFA and sign-in risk rules matter more than password rules alone.
          Network firewalls            74%                               Rules, firmware, VPN users, exposed services and logging.
          Restricted admin rights      73%                               Who can install software, reset passwords and access sensitive data.

          Source: GOV.UK Cyber Security Breaches Survey 2025/26.

          What changes when this is done properly

          Cleaner offboarding

          Leavers stop being a security risk months later.

          Faster recovery

          A failed device or encrypted folder becomes a restore job, not a business crisis.

          Better evidence

          You have proof for insurers, customers, auditors, governors or trustees.

          06

          Cyber Essentials is worth doing, but do not treat it as the finish line

          Cyber Essentials is useful because it forces the basics into a checklist. That is its strength. It covers firewalls, secure configuration, user access control, malware protection and security update management.

          The mistake is treating the badge as proof that everything is now fixed forever. It is not. It is a point-in-time check. Your tenant, users, devices and suppliers keep changing after certification.

          Why it matters

          • It gives SMEs a clear baseline.
          • It helps with contracts where customers ask for cyber evidence.
          • It supports insurance conversations.
          • It forces a proper look at old devices, unsupported software and admin access.
          • GOV.UK says organisations with the Cyber Essentials controls in place make 92% fewer insurance claims.

          Aspect         Cyber Essentials                                Cyber Essentials Plus
          Verification   Self-assessment with independent audit          More technical testing
          Cost           Starts at £320 plus VAT                         Priced by network size and complexity
          Best fit       Most SMEs starting with formal cyber evidence   Businesses needing stronger technical proof
          Valid for      12 months                                       12 months

          Sources: NCSC Cyber Essentials and GOV.UK Cyber Essentials scheme overview.

           


          07

          Penetration testing is not always the first job

          Some businesses ask for a penetration test when they still have no MFA, no tested backup and old admin accounts everywhere. That is the wrong order.

          Penetration testing is valuable when the basics are already under control, when you handle sensitive data, when a contract asks for it or when you need proof that public-facing systems have been checked.

          When it makes sense

          • You hold client financial, legal, insolvency or pupil data.
          • You have external portals, VPNs, web applications or remote access services.
          • You are bidding for contracts that ask for evidence of security testing.
          • Your environment has changed after a migration, merger, site move or provider change.
          • You have not had an external technical review for several years.

          A sensible order

          01 Fix the obvious gaps

          MFA, backup testing, old accounts, patching and exposed remote access.

          02 Define the scope

          External systems, internal systems, web apps, wireless, cloud or a mix.

          03 Test carefully

          Controlled testing with agreed limits and no surprise disruption.

          04 Fix and retest

          A report is only useful if someone owns the fixes.


          08

          Microsoft 365 is where a lot of SME risk now lives

          For many SMEs, Microsoft 365 is the business. Email, files, Teams, SharePoint, OneDrive, calendars and customer documents all sit there. If an attacker gets into that tenant, they do not need to touch your server.

          The checks are specific. We look at Entra ID, Conditional Access, MFA methods, admin roles, risky sign-ins, external sharing, mailbox forwarding, legacy authentication and device compliance through Intune where licensing allows it.

          Business Basic or Standard

          Good for productivity. Limited for advanced device and identity control.

          Business Premium

          Adds stronger security and management tools, including Intune and better identity controls.

          School licensing

          A3 and education tenants need careful admin separation, pupil/staff access rules, device control and leaver checks.

          The useful question

          Do not ask whether you have Microsoft 365 security. Ask who checks it, how often they check it and what evidence exists when something is changed.

          09

          The risk changes by sector

          The controls are similar. The priority changes depending on what your organisation does.

          Professional services

          Accountants, solicitors and insolvency practices.

          The risk is client data, mailbox compromise, invoice fraud and reputational damage. MFA and mailbox monitoring matter here because email is where a lot of client trust lives.

          Related: IT Support for Accountants, IT Support for Solicitors and Insolvency IT Support.

          Manufacturing

          The risk is downtime. If ERP, shared files, production systems or supplier access break, the business feels it immediately.

          • Segment office and production networks where possible.
          • Protect ERP and production data with tested backups.
          • Limit supplier remote access.
          • Patch what can be patched and isolate what cannot.

          Schools and education

          Schools have safeguarding, MIS data, filtering and monitoring, guest networks, BYOD and pupil data to manage. The DfE standards now make this more explicit.

          GOV.UK's education findings show phishing was the main threat among affected schools, at 90% of primary schools and 96% of secondary schools.

          Related: IT Support for Schools, Smoothwall Monitor, Connect the Classroom and DfE Digital Funding and Standards.

          Small businesses with 10 to 50 staff

          The risk is lack of ownership. Someone knows the password to the firewall. Someone else knows which backup product is used. Nobody has the whole picture.

          Related: Small Business IT Support and Managed IT Support.

          Education sources: GOV.UK education findings 2025/26 and DfE digital and technology standards.

          10

          Where to start

          Do this in the right order. Buying another product before fixing the basics just gives you more alerts to ignore.

          1. Turn on MFA everywhere. Start with Microsoft 365, VPN, admin accounts and anything holding business data.
          2. Check old accounts. Review leavers, shared mailboxes, mailbox delegation, VPN users and local admin rights.
          3. Test a backup restore. Do not accept a green tick as proof. Restore a file, folder or system.
          4. Review the firewall. Check rules, firmware, VPN settings, exposed services and who can log in.
          5. Patch devices and servers. Include third-party apps, not only Windows Updates.
          6. Use Cyber Essentials as a checklist. Certification is useful, but the preparation is where many businesses find the real issues.
          7. Write down who does what during an incident. If nobody owns the first hour, the first hour is lost.


          11

          How Remedian helps

          We support over 100 businesses and 40 schools from Manchester and Oldham. The useful work is not glamorous. It is checking the tenant, fixing the firewall, proving the backup works, removing old access and making sure someone keeps looking.

          100+ businesses supported
          40+ schools supported
          Supporting organisations since April 2007

          What we can manage

          • Microsoft 365 and Entra ID security reviews
          • Cyber Essentials preparation and support
          • Fortinet and Sophos firewall review
          • Backup and disaster recovery checks
          • Endpoint protection and device patching
          • School filtering, monitoring and DfE evidence checks

          Manchester office

          7 Charlotte Street, Manchester, M1 4DZ

          Oldham office

          Unit 6, Annie Kenney Mill, Hudson Street, Oldham, OL9 7FQ

          Or contact Remedian directly

          Phone: 0330 66 00 281, Monday to Friday, 8:30am to 5:30pm

          Email: info@remedian.co.uk

          Cyber security for SMEs: FAQs

          What should an SME fix first?

          Start with MFA, old accounts, backup restore testing, firewall exposure and admin rights. Those five checks catch a lot of real-world risk.

          Is Cyber Essentials worth it?

          Yes. It gives SMEs a clear baseline across firewalls, secure configuration, user access control, malware protection and security updates. It is not the finish line.

          Do small businesses need penetration testing?

          Not always. Fix the obvious gaps first. Penetration testing is useful when you handle sensitive data, have public-facing systems or need evidence for contracts.

          How often should backups be tested?

          For business-critical systems, test restores at least monthly. A backup you have never restored from is an assumption, not a recovery plan.

          Can Remedian help schools with cyber security?

          Yes. We support schools with managed IT support, filtering and monitoring, backups, device management, network security and DfE digital standards evidence.

          Our Services

          Computer Not Working?

          We Can Help You Get Back to Work with Expert Computer Repairs Manchester. Contact Us!

          Secure Backup

          A Secure Backup Solution from Remedian I.T. keeps your personal and business data secure and encrypted; both on and offsite to get your business back up and running with the minimum of downtime.

          Broadband & WiFi

          In our interconnected world your business needs to be online 24/7. Our managed broadband and WiFi will provide quick, quality connection to get the job done. Speak to our sales team to get connected.

          Connection Monitoring

          By monitoring your internet connection, we can detect any problems and respond to them before they become major issues, keeping you connected and working towards your goals.

          Phone and CCTV Systems

          Digital phone systems provide you with premium features and flexible plans that grow with your business, from single handsets to full office installations. Ask us about an HD CCTV system and access control to monitor your premises and keep your offices as secure as your data.

          Hardware

          Providing best value is what we are all about. When it comes to advice, supply and installation of new hardware we make sure you get the best options for your business. We can even arrange finance to help you spread the cost and manage your budgets.

          Remote Support

          Our helpdesk team are on hand, from Monday to Friday 8:30am – 5:00pm, to provide free, friendly remote support to make sure you can get your IT back on track in no time.

          Testimonials

          As a long-term client of Remedian, Ashworth Electrical Services have nothing but the highest praise for their assistance in managing our IT systems.
          The service Remedian provide is professional and efficient. The staff are always helpful and friendly.
          Remedian have been our IT support providers now for almost 6 years. During that time they have demonstrated a high level of customer service and value for money support and IT equipment.
          Remedian have helped us grow into the company we are today. The standard of service and expertise Remedian provide us with is second to none, whether it is remote helpdesk support or onsite maintenance.
          The Remedian team have provided weekly on-site technician services and have also provided strategic direction in relation to the Trust's infrastructure which has been invaluable. When issues arise the Remedian team are fast to respond and are proactive in recommending solutions to mitigate any potential issues.