5 IT Mistakes That Still Catch Small Businesses Off Guard

If 2024 was the year when artificial intelligence dominated the headlines, then 2025 has been the year of the cyberattack. From luxury fashion houses to high-street retailers and car manufacturers, businesses across the UK and beyond have found themselves under siege from hackers.

So here’s something that doesn’t get talked about enough. Ask a room of British SME owners what keeps them up at night and you’ll hear about cash flow, staffing, maybe the economy. Nobody says “our firewall configuration.” Funny, that.

Then the Wi-Fi drops on a Wednesday morning and suddenly it’s all anyone can talk about. Go figure.

Assuming Hackers Have Bigger Fish to Fry

Loads of business owners across the UK reckon cybercriminals only bother with the big corporates. Makes intuitive sense, right? Go where the money is. Except it’s wrong. The government’s Cyber Security Breaches Survey put the number at 43% of businesses reporting a breach or attack over twelve months. Forty-three percent. That includes the tiny ones.

And honestly? The attacks aren’t even clever most of the time. Phishing emails. Dodgy links. Passwords that haven’t been changed since 2019. Opportunism, basically. The digital equivalent of trying car doors in a car park to see which ones are unlocked.

Only Calling for Help When Things Break

Look, this one is probably the most common and also the most expensive in the long run. Loads of small businesses treat IT support the way they’d treat a locksmith. You don’t think about them until you’re locked out.

The problem with that? Stuff doesn’t just break cleanly. By the time anyone notices, there are already lost files, exposed data, a full afternoon where nobody can get into the shared drive. Mustard IT in London is one provider that’s moved away from that break-fix model entirely, focusing on ongoing monitoring instead. Which, fair enough, sounds less dramatic than emergency callouts. But the boring stuff prevents the dramatic stuff.

Anyway. Moving on.

Forgetting That People Are the Weak Link

Buy the best antivirus on the market. Install a proper firewall. Set up two-factor authentication on everything.

Then watch someone on the team click “Enable Macros” on a spreadsheet attachment from an email address they don’t recognise.

Staff training gets overlooked constantly. The Federation of Small Businesses flagged this, noting that small firms lag behind on digital training and many owners aren’t sure where to begin. Doesn’t need to be a week-long course. A short session every few months on spotting suspicious emails would already be a massive improvement. The bar really is that low.

Backups That Exist Only in Theory

This one’s almost funny if it weren’t so common. A business sets up automated backups, assumes they’re ticking along, then discovers during an actual emergency that nothing’s been backing up properly for weeks.

Nobody checks. That’s the whole problem. There’s a useful piece on BM Magazine about this exact gap between “having something in place” and that something actually working. Worth a read if this sounds familiar.

Outgrowing the Setup Without Realising It

Five employees. A basic router, a shared Google Drive, maybe a NAS box off Amazon. Works fine.

Fast forward three years. Thirty staff. Same router. Same filing structure. Shared logins that four people who’ve since left still technically have access to. Held together with hope, essentially.

Nobody plans for this. Growth sneaks up and the IT budget doesn’t grow with it. Then one morning the whole thing buckles, and rebuilding from scratch costs about three times what sorting it earlier would’ve done. Classic.

Anyway. None of this is groundbreaking stuff, which is sort of the depressing part. Same mistakes, different year. Maybe just… go check the backups are actually running?
