Starting a business is exciting. Keeping it safe shouldn’t be complicated. With a few simple steps, you can protect your ideas, your customers, and your cash from common cyber threats - even on day one.
FREE download
Grab our plain-English checklist and quick tips:
Secure Your Business Guide – Aursec
It walks you through everything below, step by step.
Why bother now?
Because small businesses are a prime target. In the last year, half of UK businesses experienced a cyber attack. The good news? Most early risks are easy to reduce when you’re just getting set up.
The usual culprits:
- Phishing & dodgy emails. Most successful scams still arrive by email—train yourself and your first hires to spot them.
- Weak or reused passwords. These sit behind a big chunk of breaches; a password manager + multi-factor authentication (MFA) changes the game.
- Ransomware & malware. New variants pop up daily; updates and antivirus do a lot of heavy lifting.
- Lost laptops & phones. Set screen locks, turn on device tracking, and enable the ability to wipe remotely.
Quick facts that matter:
61% of breaches involve compromised credentials, MFA blocks 99.9% of account takeovers, and 560,000+ new malware samples are seen every day.
The 90-Minute Security Kick-start (fits Cyber Essentials)
Think of Cyber Essentials as five commonsense controls: firewalls, secure settings, user access, malware protection, and updates. Nail these early and you’re in great shape.
Top Tip: Cyber Essentials isn’t just good security—it’s a trust signal. Many clients and government contracts look for it, so certification can help you win business as well as protect it.
1) Lock down accounts (User Access)
* Change all default passwords on routers, SaaS admin accounts, and devices.
* Turn on MFA for email, finance, your code repo, and your identity/login provider. Use an authenticator app rather than SMS where possible.
2) Harden devices (Secure Settings + Malware Protection)
* Switch on your firewall and install reputable antivirus.
* Enable automatic updates for your OS and apps; schedule installs for after hours.
* Set auto-lock and enable device tracking so you can find, lock, or wipe a lost device.
3) Protect your data (Access + Backups)
* Turn on automatic backups and follow 3-2-1 (three copies, two media, one off-site/cloud). Test a restore.
* Use least-privilege access in your shared drives/CRM/code: people get only what they need.
* Switch on encryption (BitLocker/FileVault) for laptops.
4) Secure your network (Firewalls + Segmentation)
* Create a guest Wi-Fi for visitors and personal devices—keep it separate from company resources.
* Require a VPN for remote work or any public Wi-Fi.
* Turn off Wi-Fi/Bluetooth when you don’t need them. (It saves battery and cuts risk.)
Prefer a checklist? It’s all itemised in the free PDF so you can tick things off in order.
Make security part of the culture (without the faff)
• Short, practical awareness sessions. Teach the team how to spot phishing, use MFA, and report anything odd. Most breaches have a human element—training works.
• Write a one-page incident plan and rehearse it. Who does what? How do you contain it? Who gets told? Teams that test their plan cut the time to contain by ~54%, and SMBs that prepare can save a significant amount of money when something goes wrong.
Common threats → easy wins
• Phishing: MFA everywhere, email filtering, plus occasional simulations after training. 96% of successful phishing occurs via email.
• Password reuse: Password manager, unique passphrases, rotate any known default creds. 61% of breaches tie back to credentials.
• Ransomware: Keep software up to date and ensure you can restore from backup. (Remember WannaCry—it hit unpatched systems.)
• Lost/stolen kit: Full-disk encryption + auto-lock + device tracking. Laptops go missing more often than you think.
• Over-permissive access: Review permissions monthly; “least privilege” keeps any damage small. Misconfigurations contribute to a significant share of breaches.
0–30–60–90: a simple rollout plan
• Days 0–30: Do the 90-minute kick-start; adopt a password manager; run a 30-minute awareness session. (Checklist in the PDF.)
• Days 31–60: Review access, test a file restore, and write your one-page incident plan; run a short phishing simulation.
• Days 61–90: Do a quick tabletop drill, fix gaps, and line up Cyber Essentials if you want the badge.
Ready to get started?
You don’t need a big budget or a big team, just a clear list and an hour to begin.
Download your FREE guide: Secure Your Business Guide – Aursec (checklist + how-tos).
Then work through the steps above and you’ll be secure, confident, and customer-ready from day one.
Ben Wright
Aursec