You could read plenty of detailed information on what you should do to protect your business against cyber threats – if you have the time. The following list, however, is a good summary of what SME businesses can practically do – starting today. It will take you a few minutes to read. If you tick these off systematically, you’ll have gone a substantial way towards dealing with some very significant threats.


Is a network security device that continually monitors traffic going in and out of your systems. It stops suspicious traffic from entering your systems. Have you ever had an email stuck in a junk folder on your server and you had to ask IT personnel to release? This particular email would have been placed into the junk folder because it was deemed suspicious or dangerous. Install a Firewall.

It is important to maintain your subscription to your firewall and ensure that any patches or updates are applied in a timely manner.

Virtual Private Network - VPN

VPN is a way of connecting remote workers to the main servers using an encrypted tunnel. There should be no internet access if the VPN is switched off. For secure remote working, having a VPN is a must. Never more relevant than in a time of Covid.


Encryption of laptops, mobile phones and I-pads is very important. This will render the device and the data on the device useless to a thief. List then. Encrypt them.

Administrative Access

Reduce or eliminate admin access or rights available on user's phones and laptops as this will stop malware in its tracks from infecting the server or other connected devices.


Regularly and systematically update laptops with most recent software (including debugs of security issues).


A minimum of eight characters and make them complicated – a combination of alpha and numeric. Where possible use Two-Factor Authentication (2FA). If there is no 2FA, ask why not.

Block USB Ports

So that data cannot be copied and so that a virus or malware cannot be installed.

Back up

This is so important – particularly if you have a Ransomware attack - because you may become reliant on your most recent back up to restore your data. In our own business we back up daily to a cloud and to a second back-up server - so the worst we will suffer is a day or two of lost business.

Working from Home

Is less secure. However, educate your staff on what they can and cannot do on the company equipment. Increasing personal use and increases vulnerability. We recommend that you require your staff to refrain from using a business device for social media, personal email, visiting non work related websites and personal file sharing. Company devices often have access to confidential data. Have a block on sending certain documents to personal email addresses.

Business Continuity Plan

Have one and test it. Review and update it to an agreed timetable.

Education and Training

Of employees on the dangers of cyber threats such as phishing and malware. Similarly, with issues impacting Data Security, Data Privacy, Data Protection and Data Breaches.

Incident Response Plan

Prepare a plan to deal with Cyber attacks and data compromises as they happen. Review it and update it to an agreed timetable.

Nominate a designated person – to handle all issues to do with cyber i.e. Risk identification, implementing protections and of course putting in place the right cyber insurance protection.

Cyber Insurance Policy

Have one. As a first step, give us a call and let’s have the discussion. Don’t wait until your business policy renewal date. Delays can be costly.


Talk to Rachel Dixon to find out how best to protect your business from a cyber attack today


Talk to Caeva O'Callaghan to find out how best to protect your business from a cyber attack today


Talk to Caroline McArdle to find out how best to protect your business from a cyber attack today