xs

sm

md

lg

xl

PSTN switch off and legacy line support services >

Safeguarding productivity with cyber security

Author: Joe Ashley  |  Date published: September, 23, 2025, UK  |  Read est: 5 min read

Focus Group
Focus Group
Focus Group
Focus Group
Focus Group
Focus Group
Focus Group
Focus Group
Focus Group
Focus Group
Focus Group
Focus Group

The volume of threats to UK businesses continues to rise, with UK SMEs already losing £3.4bn from inadequate cyber security protocols. Cyber attacks pose well-known threats, but their impact extends far beyond the reputational and monetary damages typically used to measure them.

For many SMEs, cyber incidents are the leading cause for IT downtime over hardware issues, bringing operations to a halt with little or no warning. The causes for this are varied, with low employee awareness or a disregard for established policies enabling cyber threats and inadequate defences failing to stop breaches.

However, businesses must also preserve employee productivity. Bringing in overly harsh security protocols can slow down every aspect of the working day, potentially causing frustrated employees to search for shortcuts. The relationship between cyber security and productivity is delicate, and achieving workplace security without productivity loss requires careful planning and the right approach.

How can SMEs find the balance when cyber attacks can be devastating to a business, and harsh policies can hinder everyone?

What role do employees play in reducing risks?

It’s common for security policies to be perceived as an obstacle by employees. Whether it’s through excessive bureaucracy, perceived wasted time, or too many systems to remember.

However, without any formal training, many of the day-to-day risks remain a mystery to many employees. On top of that, with hybrid working, the increased use of AI tools outside a business’ control and public Wi-Fi networks, these risks are only increasing. Small business cyber security faces unique challenges as teams become more distributed and technology usage expands.

Concerningly, over 50% of UK SME employees have received no cyber security training. Effective employee cyber security training programmes are essential for building awareness and ensuring teams understand both the importance of security measures and how to implement them efficiently. Without fully understanding the importance of business security policies, it’s common for employees to look for workarounds or practice poor security techniques.

The risks of locking everything down

While strong cyber security is vital, too harsh a system will lead to reduced efficiency. Here are some of the consequences you might face:

  • Constant password resets: Frequent password updates can lead to lost time and frustrated employees – especially if reset processes are slow or require IT intervention. Businesses can avoid this by implementing single sign-on (SSO) with multi-factor authentication (MFA) – it’s easier, more convenient, and more secure.
  • Inaccessible systems on personal or mobile devices: People often want to access work tools from their own devices, but productivity can suffer if security policies block or restrict this. Mobile device management (MDM) solutions and secure VPN access can help overcome these issues, providing a secure method of personal device usage.
  • Confusion between platforms and protocols: When security steps differ across multiple apps or systems for similar tasks, mistakes can happen – and time is wasted. By integrating security directly into everyday business tools like Microsoft 365, protocols stay consistent, keeping users secure and efficient.
  • Overly locked-down policies: Too much security can be a bad thing. Blanket restrictions on things like file sharing or AI tools can have a drastic impact on productivity. Instead, take a risk-based approach. Work with a security partner to review where flexibility can be safely built into policies.

Four steps to a clearer security policy

Step 1 – Analyse your security infrastructure

Identify your business needs, where threats lie, and whether you’re adequately equipped to deal with them. Working with a partner like Focus Group can be an effective way of auditing your requirements. Some of the solutions and services we recommend include:

  • Developing and implementing cyber security policies and procedures with regular risk assessments
  • Managing access and adjusting or removing permissions for users
  • Malware protection software for automatic scanning and threat removal
  • Email protection that filters incoming emails and blocks harmful content
  • Patch management to ensure regular software updates to fix bugs and improve stability
  • Firewalls and gateways to create a barrier between your network and external networks
  • Regular scanning and penetration testing to validate effectiveness of current security

Step 2 – Educate employees

Ensure they’re aware of existing security policies, why they’re there and how to operate safely at home, in public, or at the workplace. Focus Group has hosted countless security training sessions and faced many questions over the years. Here are some of the most common questions asked, and how to answer them:

  • Does cyber security awareness training work? Yes. Research consistently shows that well-delivered training reduces the likelihood of human error. When users know how to spot phishing emails, use strong passwords and follow safe practices, the risk of an incident drops significantly.
  • How long does it take, and what are the benefits? Sessions can be as short as 30–60 minutes and refresher modules often take less time. The benefits include fewer security incidents, reduced downtime, and more confident employees who know how to act in a potential threat scenario.
  • What's the best way to improve team cyber awareness? A combination of short e-learning modules, live workshops, and regular bite-sized updates (for example, simulated phishing emails or monthly tips) keeps teams engaged and ensures lessons stick.
  • How often should I implement training? Threats evolve quickly, so training must evolve too. Industry best practice is to provide formal training at least annually, supported by more frequent reminders throughout the year. Many businesses also refresh training whenever a new tool, policy, or type of attack becomes relevant.

Step 3 – Start a conversation

Let employees tell you where they struggle with security and where they feel processes are slow, so steps can be taken to overcome the issues. This step goes hand-in-hand with education, as many suggestions might not be advisable or achievable, but offer a good opportunity to explain security systems to users.

Step 4 – Integrate security protocols into business applications

Get more complete security coverage while minimising the impact on everyday productivity tools teams rely on. Microsoft 365 security implementation can be an effective method for achieving this, as it bundles most day-to-day business needs with effective enterprise-grade security, limiting risk while easing accessibility challenges. This approach supports the broader goal of workplace security without productivity loss.

How to make a secure but efficient working environment

It’s hard to balance security with productivity, whether you have an in-house cyber security or compliance team or not. Small business cyber security requires specialised expertise to get the balance right. That's where an expert partner can help – by working with Focus Group, you'll be supported in:

  • Finding the right tools for effective, secure working
  • Implementing policies that don’t frustrate users
  • Proactively working to counter emerging threats
  • Providing ongoing security training for employees

Productivity and security – your quick wins checklist

  • Regular team training updates
  • MFA across all devices
  • Security tools integrated into Microsoft 365
  • Clear protocols for remote/hybrid access
  • Support and guidance from Focus Group to balance your requirements

Don’t choose between security and productivity – pick both

Two-thirds of UK workers are engaging in activities that could compromise cyber security, many in the name of productivity and convenience. And while this leads to major business risk, implementing security policies that are overly restrictive can also present risks of their own.

With Focus Group, you get a technology partner that knows how to implement security policies in a way that doesn’t alienate your teams. By balancing innovation and protection – using policy, training, and layered security technology – we can support new technologies like AI and help employees work the way they want.

If you want to see how you can be safeguarded in a way that benefits your day-to-day, get in touch with our experts.

Joe Ashley photo

Joe Ashley
Cloud & Cyber Services Director

Joe, with over 25 years of experience in IT, cloud and cybersecurity across both the public and private sector, has led major transformation projects and multi-disciplinary teams. Joe is passionate about delivering cloud-native, secure IT solutions that help customers run, secure and grow their businesses.

Subscribe to our newsletter for the latest news, exclusive offers and top tips on tech

Sign up to our mailing list

Speak to a specialist now