IT Security – a checklist for small businesses

Computer security is complex and far-reaching, and many small businesses don’t have the time or interest to ensure that they have properly safeguarded their computers. Large companies spend millions of pounds on IT security, but here are some simple, affordable steps that every business can implement.

Back up

If you ever have a security disaster a good back up is the fastest way to recover. The damage from malware can be quickly reversed if you can restore your data to a recent back up.

  • Identify what data needs backing up – documents, photos, emails, contacts and calendars
  • Ensure the device holding your back up is not permanently connected to your computer
  • Windows can be configured to back up automatically to an external disk
  • A scheduled cloud backup is an option. It can be accessed from anywhere and all data is stored in locations off site, reducing the risk from hackers, viruses and disasters such as fires and flooding.
  • Office 365 provides a cloud back up that is GDPR compliant. Microsoft spend millions of dollars a year ensuring their systems are safe, which provides a far more robust system than many businesses currently rely upon.

Firewall

All computers should have a firewall, which sits between your computer and the internet and only allows certain data to cross it. Windows and Apple computers have an integrated firewall built into the operating system; ensure it is enabled.

Anti virus software

The proliferation of adware, spyware and malware means that good quality anti-virus software is essential. Some of the best anti-virus protection for PCs is free, such as Defender, which is built into the Windows 10 operating system. For businesses requiring higher-level security programs we would recommend ESET, CryptoPrevent and Malwarebytes. A common misconception is that Apple and Linux computers do not get viruses. Virus and malware writers are exploiting this misapprehension, and the recent report from Malwarebytes suggested that Mac malware grew 270% in 2017.

Approved software

Only install approved software and prevent users from downloading software from unknown sources. Do not install “free” software until you have inspected it; free packages often come with spyware, adware and worse. Don’t be a blind “next” clicker: read what you’re saying “next” to during software installation, as you may inadvertently agree to install unwanted software.

Automatic Updates

Keeping your software fully updated will improve your security. Use the automatic update option where available and check that all updates have been carried out.

To check your Windows updates:

Windows Start – (PC) Settings – Update & Security

If updates are available you can restart now or schedule your restart

If the last update is more than a month old then you may have an update issue (Patch Tuesday is the second Tuesday of each month).
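The firewall, anti-virus and update checks described above can also be run from PowerShell on each Windows PC. This is an added example, not part of the original checklist; the 31-day threshold is an assumption based on the "more than a month old" rule of thumb, and the script only reports, it changes no settings.

```powershell
# Added example: report on three checklist items (firewall, updates, Defender).
# Assumption: 31 days stands in for "more than a month old".
$MaxUpdateAgeDays = 31
$findings = @()

# 1. Firewall: the Domain, Private and Public profiles should all be enabled.
foreach ($fwProfile in Get-NetFirewallProfile) {
    $findings += [pscustomobject]@{
        Check  = "Firewall ($($fwProfile.Name))"
        Pass   = ($fwProfile.Enabled -eq 'True')
        Detail = "Enabled = $($fwProfile.Enabled)"
    }
}

# 2. Updates: age of the most recent installed hotfix.
# Get-HotFix does not list every update type, so treat a failure here as a
# prompt to open Settings - Update & Security and look at the update history.
$latest = Get-HotFix | Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
if ($latest) {
    $ageDays = [math]::Floor(((Get-Date) - $latest.InstalledOn).TotalDays)
    $findings += [pscustomobject]@{
        Check  = 'Windows updates'
        Pass   = ($ageDays -le $MaxUpdateAgeDays)
        Detail = "$($latest.HotFixID) installed $ageDays day(s) ago"
    }
} else {
    $findings += [pscustomobject]@{
        Check = 'Windows updates'; Pass = $false
        Detail = 'No dated hotfix found; check update history manually'
    }
}

# 3. Defender: real-time protection and signature date.
# The cmdlet fails when another anti-virus product has replaced Defender.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $findings += [pscustomobject]@{
        Check  = 'Defender real-time protection'
        Pass   = [bool]$mp.RealTimeProtectionEnabled
        Detail = "Signatures last updated $($mp.AntivirusSignatureLastUpdated)"
    }
} catch {
    $findings += [pscustomobject]@{
        Check = 'Defender real-time protection'; Pass = $false
        Detail = 'Status unavailable; confirm another anti-virus product is active'
    }
}

$findings | Format-Table -AutoSize
```

Any row showing Pass = False is the item to follow up by hand using the steps in this checklist.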

Proactive Monitoring & Security

If your business relies on maximum uptime and security and you don’t have time to continually check on your PCs you may want to consider our Proactive Security Support service (£10/month per device). Computers will be monitored 24/7 with proactive maintenance carried out to ensure computers run efficiently, securely and with minimal downtime.

  • 24/7 proactive monitoring
  • 24/7 preventative maintenance
  • Antivirus and antimalware protection and monitoring
  • Managed Windows & third party application updates – all Windows updates tested before deployment
  • Hard drive monitoring

Be Vigilant

  • Attachments are the most common method of viruses spreading; don’t open attachments from an unreliable or unknown source
  • Do not click on links within emails that you cannot be sure are safe
  • Always read security warnings but research them before agreeing to anything
  • Choose secure passwords and do not share them
  • Be sceptical and aware of phishing scams and don’t give away sensitive data.
  • Phishing is a common way that online accounts are hacked into and can lead to identity theft
  • Read pop-ups before agreeing to anything
  • Limit administrator rights to minimise problems such as unapproved software being downloaded and security settings disabled.
  • Set a screensaver with a password to stop unauthorised access to data.

A Good Web Browser

A good browser will offer you more protection. Whether you use Edge, Google Chrome, Firefox or Internet Explorer, check the security settings to help enhance your computer security and safety.

Don’t trust Public WiFi

When you are using public WiFi, be aware that much of your web browsing and email is being sent over the connection unencrypted, so that potentially anyone in that public space could be stealing your passwords and listening to your conversations.

  • When using the internet in public places make sure your firewall on your computer is enabled
  • If you have a 4G connection, use that; otherwise you’ll need to secure your connection
  • Make sure any sensitive website access that needs a username and password, such as web email, is used only via secure (https) connections
  • To avoid password theft be vigilant in public places
  • Use a VPN

Removable Media

Control access to removable media. USB keys and SD cards can contain unauthorized software that puts your network at risk. Malware like the Conficker worm spread via these devices and infected millions of computers globally. Sensitive data can also be copied onto these devices and shared with outsiders. Have a company policy that helps minimise the risk.

Password protection

Passwords when implemented properly are a free and easy way to prevent unauthorised access to your data and devices.

  • Set passwords for all computers and switch on password/PIN protection on mobile devices.
  • Avoid using predictable passwords like passw0rd
  • Change passwords when you suspect a compromise
  • Change manufacturer’s default passwords
  • Improve your security and consider using a password management system

If you would like any advice on your IT Security call us on 01603 451810.