A free new handbook has been produced to help Scottish small and medium-sized firms (SMEs) to tackle the growing threat of cybercrime.

The CyberScotland Partnership released the new ‘Cyber Strategy for Small Organisations’ guide aimed at people with no technical background in the subject.

Available now on the CyberScotland Portal, the pamphlet was created by ethical hackers at the Cyber and Fraud Centre – Scotland, one of the Partnership’s founding partners.

Its publication comes as the latest research from Vodafone reveals that more than half (54 per cent) of UK SMEs experienced some form of cyber attack in 2022, up from 39 per cent in 2020.

The guidebook outlines short, medium, and long-term priorities SMEs should consider when developing their own cyber security strategy, with tactics ranging from password protection and backups to undergoing a security audit and obtaining certifications.

Jude McCorry, Chair of the CyberScotland Partnership, said: “All types of business are at growing risk of a cyberattack. But unlike larger organisations, SMEs may not have the internal resources to maintain operations during an incident – so an attack could potentially shut them down or certainly have damaging long-term effects on their reputation.

“While there are several other excellent resources already available – the National Cyber Security Centre’s 10 Steps to Cyber Security and Small Business Guide: Cyber Security, for instance – this is certainly the most comprehensive that specifically deals with creating a cyber strategy for small organisations, going beyond the basics of cyber security.

“Of course, creating a positive culture around security and upskilling the team is equally important – and the guidebook goes into detail about that too. A company’s security measures are only as strong as the knowledge of the overall team, so it is vital organisations ensure all employees are involved in keeping operations secure.”

The need for this type of guidebook was first identified in conversations with business leaders at the first Executive Education programme in 2022 – a free course aimed at helping CEOs, directors, and non-executive directors in the public and private sectors become more involved in their organisation’s cyber security.