Start with the fundamentals
Most attacks on small businesses aren't sophisticated. They rely on weak passwords, missing updates, and people being tricked into clicking something. Getting the fundamentals right closes off the easiest routes in.
Focus your first efforts where they matter most rather than trying to do everything at once.
- Turn on multi-factor authentication (MFA) for email and admin accounts.
- Keep devices and software up to date with automatic updates where possible.
- Use unique passwords with a password manager.
- Make sure you have backups — and that you've tested restoring them.
- Give people only the access they actually need.
Want a plain-English view of where your business stands?
Book a free cyber health checkGet visibility over your risk
You can't protect what you can't see. Knowing which devices, accounts, and cloud apps you have is the foundation of everything else.
A baseline security review gives you a clear picture of where you stand and what to prioritise, without drowning you in technical detail.
Have a plan for when something goes wrong
Even well-run businesses have incidents. What separates a minor disruption from a major one is often whether you know what to do in the first hour.
Write down who to call, how to isolate an affected device, and how you'll communicate. A single page is enough to start.
Aim for progress, not perfection. Doing five basics well beats a long list you never finish.
Work towards a recognised baseline
Once the basics are in place, Cyber Essentials gives you a recognised UK standard to work towards — and something concrete to show clients and insurers.
Turn this into an action plan
Book a free cyber health check and get a plain-English view of where your business stands.
Book a free cyber health check