43% of cyber attacks in the UK target small and medium businesses. The average cost of a breach for a UK SME is £8,460 — and that's before you factor in reputational damage, lost clients and potential GDPR fines. Most of these attacks succeed not because of sophisticated hacking, but because basic security hygiene isn't in place.
This checklist covers what every Birmingham business should have, what you must have if you handle customer data, and how to achieve Cyber Essentials certification — which is increasingly required to win contracts.
✅ The Non-Negotiables (Every Business)
1. Automatic Software Updates
The majority of successful malware attacks exploit known vulnerabilities in unpatched software. Windows, macOS, Office, browsers, plugins — everything should update automatically. This sounds obvious but in our experience, most small businesses have at least one PC or server running software that hasn't been patched in months.
2. Multi-Factor Authentication (MFA)
Enable MFA on every account that supports it: Microsoft 365, Google Workspace, your accounting software, your bank. If your email password is stolen (this happens via data breaches at other services, not necessarily through any fault of your own), MFA is what stops an attacker from accessing your email and impersonating you to your clients or suppliers.
3. Proper Passwords
Not "Password1". Not your company name. A password manager (Bitwarden is free; 1Password is excellent for teams) generates and stores unique, complex passwords for every account. This eliminates the single biggest attack vector: password reuse.
4. Separate Admin and User Accounts
Staff should not use administrator accounts for day-to-day work. If a user account is compromised by malware, limiting its privileges limits the damage the malware can do.
5. Firewall
Your broadband router likely has a basic firewall — but for a business, a managed next-generation firewall provides content filtering, intrusion prevention and threat intelligence that a consumer router doesn't. This is particularly important if you have staff connecting to your network from personal devices.
🔒 If You Handle Customer Data (GDPR Obligations)
6. Encrypted Laptops
If a staff member loses a laptop and it isn't encrypted, you almost certainly have a reportable data breach. BitLocker (Windows) and FileVault (Mac) are built in and free — they just need to be turned on. Many businesses haven't done this.
7. Email Security
94% of malware arrives via email. Anti-phishing tools, DKIM/DMARC email authentication and link scanning are now essential for any business handling client data. Microsoft 365 Business Premium includes Defender for Office 365 — if you're on a lower tier, you're missing important protections.
8. Dark Web Monitoring
Your email address and passwords are probably already on the dark web from a previous breach at LinkedIn, Adobe, Dropbox or one of the hundreds of other services that have been breached. Dark web monitoring alerts you when your credentials appear so you can act before attackers do.
🏆 Cyber Essentials Certification
Cyber Essentials is a UK government-backed certification covering 5 controls: boundary firewalls, secure configuration, access control, malware protection and patch management. It's required for any UK government contract involving personal data, and increasingly requested by larger enterprise clients before they'll work with you.
The certification assessment is completed online and costs around £500 for most SMEs. We help Birmingham businesses achieve it as part of our cyber security service — conducting a gap analysis, implementing any missing controls and submitting the assessment on your behalf.
What Should I Do First?
If you're starting from scratch, prioritise in this order:
- Enable MFA on Microsoft 365 / Google Workspace today (free, takes 10 minutes)
- Implement a password manager for your team (from £3/user/month)
- Enable BitLocker/FileVault on all laptops (free)
- Set up automated software updates on all devices (free)
- Get a Cyber Essentials assessment (from £500)
Free Cyber Security Assessment
We'll identify your vulnerabilities and give you a prioritised action plan. Free, no obligation, completed within 48 hours for Birmingham businesses.
Telexico Communications
Based in Wolverhampton, Telexico provides VoIP, broadband, CCTV, AI services and cyber security to businesses across Birmingham, the West Midlands and the UK.