Rebecca Wilson

The business advisory and accountancy firm has published the findings of its latest survey of family, privately-owned and owner-managed businesses.

Nearly two-thirds of respondents (61%) said cyber security is a concern, while 28% are not concerned because they don’t believe their business will be targeted. Just 11% believe they are protected.

According to Rebecca Wilson, Armstrong Watson’s cyber security solutions manager, cyber attacks can lead to significant financial losses, reputational damage, and legal repercussions – but steps such as strengthening passwords, updating software, backing up data and training your front line can significantly reduce the risk of falling victim to cybercrime.

“This week’s Cyber Scotland Week is a timely reminder that cyber security is a challenge for organisations of every size, not just large enterprises,” she said.

“Small and medium-sized businesses are the backbone of the Scottish economy, but cyber criminals know they often operate without the advanced security control of larger organisations, making them a prime target.

“Cyber attacks are also becoming more targeted, more automated and increasingly powered by AI. As businesses increasingly rely on technology for many day-to-day processes – everything from booking reservations to managing inventories – the attack surface grows. They become more vulnerable to cyberattacks like ransomware, phishing, and data breaches.

“Our focus is prevention, acting early to reduce risk, backed by a comprehensive range of cyber security services for organisations of all sizes.”

Armstrong Watson says practical steps to improve and maintain robust cyber security practices include:

1. Strengthen passwords and use multi-factor authentication: Use strong, unique passwords for each service. To add an extra layer of protection, enable Multi-Factor Authentication (MFA), which requires more than just a password.

2. Update software regularly: Regularly update your operating systems, apps, and security software to ensure they have the latest security patches.

3. Backup important data: Ransomware attacks can render your data inaccessible, but if you have a recent backup, you can restore your information without paying the ransom. Regularly back up your files, whether on an external hard drive or using a reliable cloud service, and develop and test a disaster recovery plan.

4. Secure your network: Use firewalls, intrusion detection systems and antivirus software to protect your network from unauthorised access and malware. Regularly monitor network traffic for unusual activities.

5. Regular security awareness training: Provide regular security awareness training to identify knowledge gaps and equip individuals to recognise and respond to potential threats.

Ms Wilson said: “Protecting your business operations and customer data requires vigilance, and it is important to act before a breach and have a clear cyber security action plan.”