top of page
  • Writer's pictureJared Thompson

11 Ways SMEs can keep their business secure online

We asked our partners and friends What cyber security tips and guidance do they share the most at work with their colleagues, clients, office staff, contractors, and family and friends at home?

This is the ultimate list of 11 ways SMEs can keep their business secure online; whilst working remotely, at home or on the go!

1. Don’t forget the basics!

It’s not a change, but keep remembering the basics: protect email with a strong (unique) password, use two-factor authentication whenever it’s available, create strong passwords and use a password manager, and make sure patches are applied as soon as they are available – either updating devices yourself or cooperating with your IT administrators so they can act quickly. - Professor Emma Barrett OBE, University of Manchester

2. Think before you click that email!

Employees should always be wary, don't click the link or download a document without knowing the source is genuine. - Sam, Riskbox

Think before you click and respond to an email that seems too good to be true, too weird, too out of the blue or too panicky. Calm it down, slow it down, apply common sense, think it through, verify what you can, and think before you click. Graham, Irwin Mitchell

If you get an email or DM that promises something which seems too good to be true, it's more than likely to be a scam, so don’t click on the link or respond in any way - Kevin, Bergerode


3. Treat your work and personal data with the same care

Employees should treat their work accounts the same way they would their personal online banking and take the time to ensure they practice good digital/cyber hygiene. Hands-Face-Space for covid, stop-challenge-protect for cyber. - Neil Jones, NWCRC

Apply the same rules to themselves as they do for the business – use antivirus, patch regularly, use strong passwords, etc.- - Kevin, Bergerode

The cyber threat also exists at home and in your personal life. Take what you learn at work home with you: email safety, phishing awareness, good passwords and using MFA. Be aware at home, just as you are risk-aware when driving, crossing the road, or answering the door to a cold caller. - Graham, Irwin Mitchell

4. Introduce a Risk Management Regime and Incident Plan

Cyber security, when implemented, effectively works as a growth enabler. The easiest change for a business would be introducing a risk management regime, ensuring board-level responsibility in supporting risk management.

While some may see this as a challenge, IT directors/managers in SMEs and CISOs (medium to large organisations) see this as an opportunity to present a business case by conducting organisation-wide IT security health checks. - Harman, Cyphere

It is more important than ever for your business to have a cyber security plan in place. To help businesses, we can show you why having a Cyber Security Plan in place is important.

If your business hasn't created a cyber incident response plan before, we have created an incident pack, which contains documents to help support your business plan its response to a cyber incident. These documents are designed to complement any existing plans or assist you in creating one.

NWCRC Incident Response Pack
Download ZIP • 3.34MB

5. Keep your work devices AND your personal devices updated

One thing any individual can do to improve cyber security is to ensure that any personal devices are up to date regarding software and operating systems. Updates are often put off until ‘later’, and devices are rarely switched off. I would, and frequently do, inform our clients and business owners that these updates are essential – as they not only update the operating system in a tangible sense but also improve the security levels of devices being utilised. -Sam, BrightHR


6. Give your staff Security Awareness Training

Regular non-technical staff awareness training, most still don’t realise all non-tech staff have a role to play which can help resilience. - Jo, BRIM

Train your staff. Employees are often the cause of the breaking of businesses' digital armour. We’ve often seen claims for social engineering or a rogue employee clicking a link. There is so much assistance out there to help, with NWCRC being one of them for Businesses to take a simple measure to reduce the likelihood of a breach.

Insurers are now offering pre-loss risk management tools for businesses, which can include employee training as they understand they are a risk factor. Take advantage of these policy benefits. -Sam, RiskBox

Invest in security awareness training. Your staff are your first line of defence, and with 65-80% of all attacks we see in the NW originating through some form of account compromise, often due to phishing, you can help educate them to keep themselves and your business safe. - Neil Jones, NWCRC

Did you know - we can deliver Security Awareness Training alongside a Simulated Phishing Exercise to help your business fight phishing and other social-engineering attacks?

7. MFA, MFA, MFA, MFA... Did I mention MFA?

Multi-Factor Authentication or Two-Factor Authentication - don’t forget to do this at home with your online banking and social media accounts

MFA, MFA, MFA, MFA... Did I mention MFA? This is by far the most important thing to do right now. Ensure you enable Multi-factor Authentication (MFA, aka Two Factor Authentication, or 2FA) on all internet-based work accounts, especially email and file storage (e.g. Google Workspace, Microsoft 365, etc.). It prevents 99.9% of the biggest root cause of data breaches. Hackers don’t need to hack; they log in. Stop them in their tracks with MFA.

-Graham Irwin Mitchell

Implement MFA, and keep a log of your assets and patches up to date. - Rosie, Honeypot

Incorporating two-factor authentication is an extremely useful tool to implement to become more cyber resilient. We’re seeing a huge increase in clients utilising two-factor authentication across systems when accessing, editing, and downloading documentation.

At BrightHR, we’ve also introduced two-factor authentication to our software package, improving the security of the services we provide to thousands of businesses across the globe. Documentation and employee handbooks can be regularly and easily updated to reflect the latest practices employers expect their staff to adhere to. BrightHR can provide comprehensive guidance and draft and template documentation which can be adapted to suit each individual company's requirements.

-Sam, BrightHR

8. Avoid writing your passwords down - get a password manager!

For employees, it’s crucial to remember never to write down or share passwords. When creating passwords, auto-generation can also improve cyber resilience, which can then be stored securely on the browser, making it much more secure for the individual and the business.

- Sam, BrightHR

9. Be careful about what you sign up for and who has your data

Avoid using public wifi for sensitive things such as online banking or shopping - Be careful about what you sign up for and who has your data

- Sam, RiskBox

10. Join the Cyber Resilience Centre today!

Regular training and workshops for staff on cyber resilience, providing online courses, and monitoring updates to pass on to staff members can also be incredibly useful for business owners to implement.

The North West Cyber Resilience Centre can support businesses of all sizes, ensuring that managers and staff are knowledgeable in improving security practices. Our Free Membership has been designed by Police Officers and Cyber Professionals for any business, regardless of size or sector; as a free member, you will join over 900 businesses already improving their cyber resilience.

11. Sign up for our Merseyside Cyber Security Programme 

Businesses across Merseyside are now part of our fully-funded cyber resilience programme to help you combat the ever-increasing threat of cyber fraud and attacks.

Fully funded cyber security support

This Business Resilience programme includes training five employees on protecting a business from cybercrime, multiple resources, and one-to-one consultation with cyber security experts. The funding comes from Merseyside Police.

To find out more about this funded programme and to apply, click here.


How can we support your business?

Phishing 292 x 219px.png

Raise your staff's awareness of phishing emails and guard your business against the growing trend of social-engineering threats.


Training your employees on what a phishing attack looks like makes them more likely to identify and report scams.

security awareness training.png

Our training package is designed and delivered by cyber experts giving you access to the most up-to-date information in an ever-changing cyber landscape.

You can purchase single-place training spots or a cyber security workshop.

Community Members

Our premium membership package is aimed at medium-sized businesses and includes bespoke security awareness training sessions.


This allows your business to train several cyber security champions and an assessment of your cyber risk. 

bottom of page