Cyber security for SMEs: What are the minimum requirements?

February 19th, 2020
Cyber security for SMEs: What are the minimum requirements?

Cyber Security for SMEs What are the minimum requirements - blog feature image (900x300)

You know that cyber security is important to keep your company safe. But, if you’re a small business or a start-up, you may not have the time or know where to start with cyber security.

If you’re in this situation, what are the minimum requirements businesses should have to ensure they are protected from online threats?

We’ve put together a list of the things we think are vital, even if you only have a small budget.

User education

A little knowledge goes a long way in the fight against cyber criminals.

Teach your users to spot an attack with these types of topics:

  • What to look out for in suspicious emails.
  • How to set strong passwords.
  • How to spot phishing attacks.
  • Safe use of USB devices
  • Social networking dangers
  • Physical security tips
  • Data handling


Along with training your team, back up the training with company-wide policies. It’s important to have policies in place and to communicate these to new staff during their induction.

These will vary depending on your business needs and the information you store, but they should include things like:

  • secure password setting,
  • BYOD (use of personal devices),
  • downloading documents or software from unknown sources,
  • use of external hard drives and memory sticks, and
  • taking work computers offsite.


A firewall is a hardware or software barrier that monitors all network traffic coming into and going out of your business. It has pre-set security rules, which it applies to the traffic and then blocks or grants it access.

There are different types of firewalls available, but they all stop attacks where criminals will directly try to access your business's data. More advanced firewalls will filter inbound and outbound traffic to protect you further.

Password Management

One of the biggest dangers today online is the sharing of passwords across multiple sites. If one site is breached it means that everywhere you use that password is now at risk.

Remembering 100s of different secure passwords is difficult, thankfully there are many tools available to help with this. Services such as Myki, LastPass, and 1Password will securely store all of your passwords and auto-fill them into the sites you’re visiting.

Cyber Security for SMBs What are the minimum requirements - quote image

Antivirus & security software

Most people are familiar with antivirus and have some form of it installed on their personal computers. Antivirus software is sometimes free and can be downloaded from the internet, and Windows devices come with great baseline protection in Windows Defender

Antivirus detects and removes viruses and malware before they can take effect on your system. It reduces the likelihood of spam email, Trojans and worms being able to get in as well. If you can afford to invest in antivirus, this is recommended. 

The free versions can put you at risk of malware if you download the wrong one, and they may not be good enough to detect newer, more sophisticated viruses

You can also look at dedicated anti-malware software such as Malware Bytes.

To add to your layers of security you should consider a DNS filtering product, this will protect you from web-based threats when visiting infected websites.

Patch management

Patch management is a way of identifying and fixing any security problems or spotting missing patches. A patch will improve or update computer programmes and reduce the risk of them being compromised or attacked by cyber criminals.

If you use Windows as an operating system, this is often done automatically. However, if you’re running an older version of Windows, (for example, Windows 7) patches will not be updated, putting your computer at risk. It’s worth investing in a system upgrade as soon as possible.

Backup and disaster recovery

This is probably the most important tool you should invest in for your business, and hopefully, the name tells you why.

Data backup is when you make a copy of all your data so that in the event of a breach or compromise, you can restore the information. Backups should be done as often as possible as you will want to be able to restore the most recent information. Any data you back up should be stored securely.

Once you’ve done this, disaster recovery is how you’ll get lost information back. Having a procedure in place means the most important things still work while you have the data restored.

To survive a hack, business continuity is vital. Remember that the recovery and restoration process might be time-consuming, so choose a solution that doesn’t result in too much downtime.


We have looked at the top things you should look include in your cyber security strategy, which can be done on a limited budget. If there is anything you’d like to discuss in more detail our team are on hand to help.