The complete cyber security checklist for UK small businesses. 50 practical controls across 10 categories — covering everything from backups and patching to physical security and incident response. Use it, share it, act on it.
Cyber risk doesn't need a complex framework to be understood. This guide shows non-technical business owners how to think about their specific risk, prioritise their response, and know when they need expert help.
Remote working has become permanent for many small businesses. This guide covers the security controls that make it safe — VPNs, home network risks, cloud security, and the specific threats that target remote workers.
Staff who understand cyber threats are harder to compromise than staff who don't. This guide covers what effective security awareness training looks like for small businesses — and what it doesn't.
The principle of least privilege — giving people access only to what they need — is one of the most effective controls in cyber security. This guide explains how to apply it practically in a small business.
Physical security is the overlooked dimension of cyber security. Unlocked screens, unattended devices, tailgating, and clean desk failures create risks that no firewall can address. This guide covers the practical basics.
Mobile devices hold business email, contacts, files, and app credentials — and receive far less security attention than laptops. This guide covers what every small business should have in place for phones and tablets used for work.
The web is the second most common delivery mechanism for malware and credential theft. This guide covers browser security settings, DNS filtering, safe browsing habits, and what to do when something goes wrong.
Email is the number one entry point for cyber attacks on small businesses. This guide covers the essential email security controls — DMARC, spam filtering, safe links, and what to actually train your staff to spot.
An unsecured or poorly configured business network gives attackers a foothold from which everything else can be reached. This guide covers the practical steps every small business should take to secure their Wi-Fi and local network.
Unpatched software is one of the most exploited entry points for cyber attacks. This guide explains what patching is, why it matters, and how to build a simple patch management process for a small business.
A working backup is the difference between a serious incident and a fatal one. This is the most important post in this series. It covers the 3-2-1 rule, offline backups, testing, and the mistakes that cause businesses to lose everything.
Weak and reused passwords are behind a staggering proportion of cyber incidents. This guide covers what strong passwords actually look like, why you need a password manager, and how to roll one out across your business.
You can't protect what you haven't identified. This guide shows small businesses how to build a simple asset inventory — the foundation of any effective security programme.
This is the first in a 15-part series on cyber security fundamentals for small businesses. No jargon, no scare tactics — just a clear, practical starting point for owners and managers.