Ten top tips for SMEs and start-ups

Ten top cyber security tips for small business

SMEs and start-ups are some of the most profitable and fastest growing companies, with a flair for innovation, passion and a surplus of energy. However, due to the very nature of the individuals behind them (hunters), they do not really see the need to slow down and assess the things that would help them fine-tune and streamline the structure of their business, unless they are lucky enough to have the backing and support of a venture capital (VC) firm.

Security and compliance are the last things on their mind; their aim is to succeed and push the barriers of opportunity, and as such they sometimes need ‘bolt-on’ support to piece all the scattered pieces of the puzzle together. This is especially true if they reach a point where they decide to sell or move into new markets, markets that require them to demonstrate and operate in a defined manner.

So, for all the buzzing, enthusiastic entrepreneurs out there, try to get it right as you go along, and don’t just ignore the little things that could potentially boost your position in winning the next deal.

Here are some tips to bear in mind before starting your journey as an entrepreneur, and during your journey to achieve your entrepreneurial aspirations:


  • Understand the market you are targeting and ensure that you address all the possible standard requirements your prospective clients would need, even before they engage you
  • Make sure you understand your obligations around preserving the confidentiality, integrity and holistic security of their data
  • Develop a security policy
  • Develop and implement an acceptable use policy internally if you have other employees
  • Always ensure you use, at a minimum, a non-disclosure agreement, and have at least a client engagement letter to solidify your business relations with clients
  • Carry out regular security scanning/assessment of your website, systems and applications if you are an e-commerce business or predominantly operate online
  • If you are an e-commerce business, be sure to think about doing the minimum: a PCI DSS self-assessment questionnaire. You need to show that you take client data security and the security of your business seriously
  • Ensure you register with your data protection and privacy agency (in the UK, register with the ICO)
  • Develop and implement a mobile device usage strategy and policy
  • If you have a lot of uncontrolled devices, or your employees use their own devices, there is all the more reason to focus on the security and compliance of these devices regardless of who owns them; at the end of the day, whatever data is pushed to these devices, you as a company are responsible for how it is used and processed
  • Develop and implement a social media policy to help your business use these mediums and gain the full benefits to be had from social media
  • Start seriously thinking about, or purchasing, a cyber security insurance policy to help cover you for any cyber security hack or breach
  • Take every opportunity to educate yourself and your employees, on a regular basis, about changes in legislation that may affect the way you operate your business (EU directives, the Safe Harbour agreement, the Data Protection Act, FOI, the Bribery Act), as well as how to deal with potential security scams and suspected breaches
  • Some people may say this is not relevant because their company is too small to be doing some of these things, but a key thing to have in place is a business continuity plan: what if you were to fall ill, or your business was flooded, caught fire or was disrupted by civil unrest? Would you still be capable of providing the same level of service to your clients?
  • Have a clear, easy-to-understand incident response plan
  • Encrypt every piece of data you deem important to the running of your business
  • Perform a risk assessment on your business (at least the critical areas)