5 Essential Cybersecurity Steps Every SME & Charity Should Take.

Small and medium-sized businesses are increasingly targeted by cybercriminals — not because they’re careless, but because attackers know many SMEs don’t have dedicated security teams.

The good news? A few simple steps can make your business much harder to compromise. Here’s how to start:

‍

‍1. Use Strong, Unique Passwords for All Business Accounts

Weak passwords are one of the easiest ways attackers gain access to your systems. This risk multiplies when passwords are reused across different platforms.

What to do

• Require long, complex passwords with a mix of letters, numbers, and symbols.
• Never allow password sharing between employees.
• Use a password manager for your team to safely store and share login credentials.
• Use somehting like KeePass which is a free open source password manager (others are available). It will generate complex passowords and store them in an encrypted database, which can be unlocked with one master key. https://keepass.info/

‍

2. Enable Multi-Factor Authentication (MFA)

Even a strong password can be stolen. MFA adds an extra layer of security by requiring a second form of verification, usually a code sent to a phone or generated by an app. MFA is one of the most effective and affordable security measures any business can take.

Where to enable MFA

• Business email accounts
• Cloud storage (Google Drive, OneDrive, etc.)
• Accounting software and online banking
• Any app with access to sensitive data

‍

3. Keep All Software and Devices Updated

Cybercriminals often exploit known software vulnerabilities — and updates are how those holes get patched.

What to do

• Enable automatic updates for all operating systems, antivirus software, and apps.
• Take a few minutes regularly to check if your business tools, like your till systems (POS), customer databases (CRMs), and website plugins have updates available. These updates often fix security bugs.
• Assign someone to own the update process so it’s not forgotten.

‍

4. Lock Down Your Wi-Fi Network

Your business Wi-Fi is like the front door to your digital workspace — and it needs to be locked tight. If your Wi-Fi is open or using weak settings, someone nearby could sneak into your network without you knowing.

How to protect it

• Change the default password on your Wi-Fi router — the one it came with is usually easy to guess.
• Make sure your Wi-Fi is using WPA2 or WPA3 security settings — they’re the safest. (If you see something called WEP, switch it off — that’s old and easy to break into.)
• Set up a separate guest network for visitors or personal devices.
• Review connected devices from time to time and remove any that shouldn’t be there.

‍

5. Cyber Awareness Training

A well-trained team is your first line of defense. Cybersecurity isn't just about technology — it's about people making smart choices every day.

Even the most secure systems can be undone by human error. Cybercriminals often rely on tricking employees into clicking malicious links or sharing sensitive information, one moment of inattention can lead to a serious breach.

• Change the default password on your Wi-Fi router — the one it came with is usually easy to guess.
• Run short, regular cybersecurity awareness sessions or share tips via email
• Teach your team to double-check unexpected links or attachments, especially in emails that seem urgent or unusual.
• Encourage a “pause and ask” culture — if something feels off, employees should know it's okay to verify with a colleague or manager.
• Carry out regular phishing simulations. to improve employee readiness
• Need help with the above - our Awareness Training is £3.50 per month

You don’t need an IT department to take cybersecurity seriously. These five simple practices, strong passwords, MFA, regular updates, secure Wi-Fi and awareness training build a solid foundation for you to start protecting your data, your customers, and your business.

Need help implementing these steps across your team? We'd be happy to support you.

‍

‍