The ultimate small business checklist to help protect against cyber threats

Cyber threats are heard about more and more in the news with many attacks affecting larger businesses. However, more recently, there has been a rise in attacks against smaller businesses. Unfortunately, most small businesses lack the funds and tools to protect themselves against cyber-attacks, which leaves them vulnerable. However, with a few policies put in place, they can focus on keeping their data secure and protecting their customers.

We’ve come up with a simple checklist to help smaller businesses get to grips with their cyber-security. Particularly in light of the recent changes to data protection.

Plan by having effective policies, training and backup procedures in place

Acceptable use policy

An acceptable use policy sets out the rules surrounding your business network. This could cover a company intranet or simply the use of the internet within the business. Putting this in place highlights to any user, which could be a customer or employee, what websites are deemed accessible within the company network. It protects against unwanted website access including social media sites and reduces the risk of malicious content.

Access control policy

Implementing an access control policy ensures that users understand who has the right to change, access or remove any business information that may be sensitive or confidential. It can help to trace anyone with access to this information.

Account management policy

Anyone who has access to a business system should be aware of this policy. It simply defines which software requires passwords or encryption and how employees should manage this. It protects the business against employees who have left the company and ensures that they no longer have access to sensitive data.

Password policy

This policy ensures that systems and sensitive data are protected by strong passwords. This means passwords that someone couldn’t guess easily. It also ensures that the policy is distributed amongst the company so that there is a complex system in place, making it hard to break.

Wireless network security policy

Much like your wireless box at home, this type of policy protects your small businesses wireless network. It prevents unauthorised access from people not involved in the company and can help to stop devices infiltrating the system.

E-mail policy

An email policy is simple to put in place. It sets out how company email systems can be used and protect against spam or any other undesirable mail. It also protects against your own domain, which can result in emails being blocked or placed in spam folders to your customers.

Clean desk policy

It sounds simple enough, but a clean desk policy doesn’t just keep your desk tidy. It is put in place normally to protect against anyone accessing sensitive information from your desk. This may be removing documents, but it could also include securing computers too.

Data handling and disposal policy

This process outlines how to dispose of sensitive data properly. Once the information is no longer needed, the company must ensure that the information is disposed of properly.

Physical security policy

The physical security policy protects the business building itself. It confirms who has access to the building including visitors and employees as well as who accesses equipment within the business.

Internet security policy

An internet security policy ensures all devices and hardware within the business with anti-virus software. It outlines how this will be implemented and then maintained on a regular basis.


Whilst most of your company policies will be written within a handbook, it’s important that staff members are aware of their duties to protect any data they have access too. Informing employees of these policies and ensuring that passwords and encryptions are correctly put in place can help to gain more awareness and protect your data.

Data backup

It’s also important to back up any data that you have, not just for the protection of your business but for your customers too. By putting these policies in place and backing up any data, you can still maintain control over your sensitive data.

Prevent the worst from happening with cyber security best practices

Getting these policies in place is the first step towards cyber-security, and there are some simple tasks you can do to ensure that your business follows the rules it sets out.

Secure your emails

Encrypted emails are really important for a small business who may be susceptible to malware or viruses sent from spam or robot-mail boxes. Most email providers have spam filters too which can help to stop you from accidentally opening unwanted content.

Delete old users

Both for employees and customers, it is important to delete any users who may have access to business systems. It prevents them from gaining access to new sensitive information when they are no longer there.

Delete irrelevant data

Any data, particularly sensitive data should be removed from your systems as soon as possible. Customers also have the right to ask for their information to be removed too.

Password protection

Two step/ two-factor authentication and password management can be imperative in keeping your data safe. A two-step authentication requires a code, in addition to a password, to gain access to a system. Only a few people should have access to this. Therefore, if a password is guessed, then there is another boundary. It’s also best practice to implement a password manager, to ensure employees are changing emails when necessary and someone has access to all the information.

Secure your network

Some businesses restrict access to certain sites that may not be secure. In order to ensure your policy is protected, you can remove certain sites so that they are not accessible from your network.

Social media access

It’s important to let employees know what they can and cannot share on social media. It protects the company on both a business and personal platform.

Stay up to date

Keep systems and software, particularly anti-virus software up to date to ensure they are protected. The internet is a world of fast-paced changes and so keeping up with the latest updates will help keep your data secure.

Cover your back in case the worst happens with specialist cyber insurance

Getting the right insurance can help to protect your business in the event of a cyber threat. Businesses, particularly smaller businesses, need to realise their responsibility when it comes to protecting their data and protecting their clients. In the event of a breach or fraud, a business could lose out on profits, through lost customers, loss of trust and legal fees. Business insurance can help protect against these losses and keep the business running until it can be secured again.

Get a Cyber Insurance quote for your business.