Cyber Security Tips for Small Businesses

It is very important for small businesses to protect themselves from the most common cyber attacks. If you’re a small or medium-sized enterprise (SME) then there’s around a 1 in 2 chance that you’ll experience a cyber security breach.

Here are a few tips cyber security tips for small businesses to get you started.

Backing up your data

Think about how much you rely on your business-critical data. Customer details, quotes, orders, and payment details. Now imagine how long you would be able to operate without them. All businesses, regardless of size, should take regular backups of their important data, and make sure that these backups are recent and can be restored.

– Identify what data you need to back up

– Keep your backup separate from your computer

– Consider cloud storage

– Make backing up part of your everyday business

Protecting your organisation from malware

Malware is software or web content that can harm your organisation. The most well-known form of malware is viruses, which are self-copying programs that infect legitimate software.

– Install, and turn on, antivirus software

– Prevent staff from downloading dodgy apps

– Keep all your IT equipment up to date

– Control how USB drives (and memory cards) can be used

– Switch on your firewall

Keeping your smartphones and tablets safe

Mobile technology is now an essential part of modern business, with more of our data being stored on tablets and smartphones. What’s more, these devices are now as powerful as traditional computers, and because they often leave the safety of the office (and home), they need even more protection than ‘desktop’ equipment.

– Switch on password protection

– Make sure lost or stolen devices can be tracked, locked, or wiped

– Keep your device up to date

– Keep your apps up to date

– Don’t connect to unknown Wi-Fi Hotspots

Using passwords to protect your data

Your laptops, computers, tablets and smartphones will contain a lot of your own business-critical data, the personal information of your customers, and also details of the online accounts that you access. It is essential that this data is available to you, but not available to unauthorised users.

– Make sure you switch on password protection

– Use two factor authentication for ‘important’ accounts

– Avoid using predictable passwords

– Help your staff cope with ‘password overload’

– Change all default passwords

Avoid phishing attacks

In a typical phishing attack, scammers send fake emails to thousands of people, asking for sensitive information or containing links to bad websites. They might try to trick you into sending money or steal your details to sell on. Phishing emails are getting harder to spot, and some will still get past even the most observant users.

– Configure accounts to reduce the impact of successful attacks

– Think about how you operate

– Check for the obvious signs of phishing

– Report all attacks

Don’t leave the responsibility for cyber security with a single person. Every member of the team needs enough knowledge to understand how cyber security impacts on their area of focus. Contact us to see how we can help develop these cyber security tips for small businesses.

Updates to Cyber Essentials Certification

Using five security controls, Cyber Essentials aims to help businesses to reduce the impact of online threats, such as:

Phishing attacks



Password attacks

Network attacks

Earlier this year, some of the technical control requirements for Cyber Essentials changed in line with recommended security updates. Let’s take a closer look at the updates.

Home working is in now part of the scope. However, most home routers are not. Following the increase in ‘working-from-home’, it has become the norm for staff members to access their work through a home/personal device. Even though home routers are out of scope, any end-user devices used to access a business infrastructure must have the Cyber Essentials controls applied. Anyone who works from home for any amount of time is classed as a ‘home worker’ and this rule will apply.

All cloud services are now part of the accreditation process. In the last two years it has become increasingly common to access work through cloud solutions with businesses opting for a cloud-based infrastructure. Any cloud services must now be fully integrated into the accreditation. If your business data or services are hosted in the cloud, then Cyber Essentials controls need to be implemented.

Multi-factor authentication (MFA) is now required to access cloud services. Most of us use some form of MFA every day, for example to access our banking app. MFA uses a minimum of 2 factors to grant access, something you know and something you have: usually a password and a face, voice or print recognition. For Cyber Essentials, the password element of the MFA approach must be at least eight characters long, with no maximum length restrictions.

Smart phones and tablets are now part of the certification. These are any device that you use to connect to your corporate network and access organisational data and services via mobile internet. However, if mobile devices are only used for voice calls, text messages or MFA, then these devices will not be considered.

Two additional tests have been added to the Cyber Essentials Plus audit. These are: test to confirm MFA is required for access to cloud services and test to confirm account separation between user and administration accounts.

If you would like to learn more about the updates to Cyber Essentials then please do get in touch with our team on 0161 763 4529. We are fully trained and experienced in keeping your business safe online.

What is Cyber Essentials and why it is important

As explained by the National Cyber Security Centre (NCSC), Cyber Essentials is a simple but effective, Government backed scheme that will help you to protect your organisation, whatever its size, against a whole range of the most common cyber-attacks.

what is cyber essentials

What is the National Cyber Security Centre

Launched in October 2016 with headquarters in London, the NCSC is an organisation of the UK Government that provides advice and support for the public and private sector in how to avoid computer security threats. They provide a single point of contact for SMEs, larger organisations, government agencies, the general public and departments, nurturing the UK’s cyber security capability.

Why is Cyber Security important?

Cyber security’s main responsibility is to protect the devices we all use (smartphones, laptops, tablets and computers), and the many online services we all access. It’s also about preventing unauthorised access to the vast amounts of personal information we store on these devices, and online.

Online banking and shopping, email and social media. We all need to take steps that can prevent cyber criminals getting hold of our accounts, data, and devices – both at home and at work.

Cyber Security for businesses

It is true that as a business, you can never be totally safe. Most online attacks can be prevented or detected with basic security practices for your people, processes and IT systems. These steps are as important as locking your doors at home. It is possible to manage your online security in the same way you would protect any other aspect of your business.

With more customers demanding that their suppliers are secure, this is becoming a business necessity. You can save money through adopting an efficient risk management approach of planning, implementing and reviewing. This will help your business gain a competitive advantage by being seen to take security seriously.

cyber essentials codus it


What information assets are critical to your business?

What kind of risk could they be exposed to?

You are being attacked, can you continue to do business?

How can you manage these risks on an ongoing basis?


Have you put in place the right security controls to protect your equipment, information, IT system and outsourced IT services?

Do your staff know what their responsibilities are? Do they know what good practice looks like?

You have suffered an attack, how will you deal with it and get back to business? Who will you turn to for help?


Are you reviewing and testing the effectiveness of your controls?

Do you monitor and act on the information?

Are you aware of the latest threats are?

The biggest vulnerability in cyber security is human error. Organisations who do not have a staff awareness training programme in place, face an increased possibility of someone making an avoidable mistake. Examples: reusing a password on multiple accounts, falling for a phishing scam, or failing to properly dispose of sensitive information when it is no longer needed.

Most businesses know that they should be doing more to protect themselves. It can be difficult knowing where to begin. If this is the case for you reading this blog and want to learn more about what is cyber essentials, then keep following us as we dive deeper into each risk management stage in our next piece.

Feel free to contact our team on all aspects related to cyber security and they will be happy to help. You can reach us by phone on 0161 763 4529 or via email at

Successful Cyber Essentials Accreditation for AFL Architects

Here at Codus we are proud to share that we have recently supported our client AFL Architects in successfully gaining their Cyber Essentials accreditation.

What Is Cyber Essentials?

AFL Architects Cyber Essentials

A Cyber Essentials accreditation is a Government-backed, industry-supported scheme to help organisations protect themselves against common online threats and demonstrate their commitment to their cyber security.

AFL Architects, an international architectural, masterplanning and interior design practice based in Manchester, are a long-standing Codus customer. We fully understand their vision, ways of working and systems in place, making us the perfect partner to assist with the certification.

As a leading architectural practice, AFL Architects will now enjoy some key benefits from having a Cyber Essential accreditation:

  • They will be able to reassure customers on their commitment to IT security and protection against cyber attack
  • They will attract new business who care about a supplier’s cyber security measures
  • They have a clear picture of their organisation’s cyber security level

We would like to thank you the team at AFL Architects for their continued business, it is a pleasure to support you on your mission to create lasting places for our communities.

IT Security At Codus

IT and Online Security Codus

The way we work at Codus is very precise. When we are first contacted by a customer we carry out a full system audit, giving us details on what is already in place. Follwing the audit we make detailed recoomendations on how we can make the IT more efficient for the business. We take great care of your systems, data and online security, with a proactive approach by our team in always recommenting new ways of working that would bring efficinecy to your business. In turn this would make us a great partner for future projects such as a Cyber Essentials accreditation.

To find out more on our range of service sumply contact our team on 0161 763 4529. Also follow us on Twitter @Codus_IT for all our latest updates and useful IT tips.