Cybersecurity Essentials for Small Businesses
Here's a stat that keeps me up at night: over 60% of small businesses that get hit by a cyberattack close within six months. Not because the attack itself is devastating, but because they didn't have backups, didn't have insurance, and couldn't afford the recovery.
And yet, most small business owners I talk to still think "we're too small to be a target." You're not. You're actually the perfect target. You've got customer data, bank details, and probably no dedicated security person. Attackers know this.
The Stuff That Actually Matters
I'm not going to give you a 47-point security framework. Here are the five things that'll make the biggest difference for a small business:
1. Turn On Multi-Factor Authentication. Today.
This is the single highest-impact thing you can do, and it's free. Turn on MFA for Microsoft 365, your email, your CRM, your accounting software. Everything. If an attacker gets someone's password (and they will, eventually), MFA stops them getting in. We see businesses skip this constantly and it drives me mad.
2. Train Your Team (It Doesn't Have to Be Painful)
90% of breaches start with someone clicking a dodgy email. You don't need a full-day training course. 30 minutes quarterly showing real phishing examples is enough. We send simulated phishing emails to our clients' staff to keep them sharp. You'd be surprised how many people click.
3. Patch Your Software
When Windows says "update available" and you click "remind me later" for three months, that's a vulnerability sitting open. Turn on automatic updates for everything. Attackers literally scan the internet for unpatched systems within days of a vulnerability being published.
4. Back Up Properly
The 3-2-1 rule: three copies, two different types of storage, one offsite. And actually test restoring from your backup. We've seen businesses with "backups" that hadn't worked in months. An untested backup is not a backup.
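To make the backup advice above concrete, here is an added example (not code from this post or from any particular backup product) that checks an inventory of copies against the 3-2-1 rule and verifies a test restore file by file using SHA-256 hashes. The inventory format, folder names and sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_restore(live: Path, restored: Path) -> dict:
    """Compare a test restore against the live data, one file at a time."""
    report = {"missing": [], "differs": [], "ok": 0}
    for src in sorted(p for p in live.rglob("*") if p.is_file()):
        rel = src.relative_to(live)
        copy = restored / rel
        if not copy.is_file():
            report["missing"].append(rel.as_posix())   # never made it into the backup
        elif sha256_of(src) != sha256_of(copy):
            report["differs"].append(rel.as_posix())   # damaged, truncated or stale
        else:
            report["ok"] += 1
    return report

def meets_3_2_1(copies: list) -> bool:
    """copies: dicts with 'media' and 'offsite' keys (hypothetical inventory format)."""
    return (len(copies) >= 3                                # three copies
            and len({c["media"] for c in copies}) >= 2      # two types of storage
            and any(c["offsite"] for c in copies))          # one offsite

def demo() -> dict:
    """Constructed sample: a restore with one missing and one truncated file."""
    files = {"invoices.csv": b"id,total\n1,120\n", "customers.db": b"\x00\x01data",
             "payroll.xlsx": b"sheet"}
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        live.mkdir()
        restored.mkdir()
        for name, data in files.items():
            (live / name).write_bytes(data)
        (restored / "invoices.csv").write_bytes(files["invoices.csv"])
        (restored / "customers.db").write_bytes(files["customers.db"][:-1])  # truncated
        return verify_restore(live, restored)

if __name__ == "__main__":
    print(demo())
```

Files edited since the backup ran will also show up under "differs", so for busy folders compare the restore against a list of hashes saved at backup time instead of the live data.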
5. Get Cyber Essentials
It's the UK government's baseline security certification. Costs about £300 and forces you to get the basics right. Increasingly, customers and insurers are asking for it. If nothing else, it gives you a framework to follow.
What If Something Goes Wrong?
Have a plan before you need one. Know who you're going to call. Know what to disconnect. Know who needs to be told. The middle of an incident is not the time to figure this out.
We help small businesses with all of this through our security services, from Cyber Essentials to endpoint protection to incident response planning. Our managed IT service bakes security in from day one so you don't have to think about it.
Get in touch for a free security review. We'll tell you honestly where your gaps are. No scare tactics, just practical advice.