If you only ever do ten things about cyber security, do these. A plain-English guide to the controls that stop the overwhelming majority of attacks on small businesses.

What it is

A concise, jargon-free PDF covering the ten security controls that deliver the most protection for the least effort: multi-factor authentication, regular tested backups, keeping software updated, controlling admin access, and more. For each one it explains what it is, why it matters, and how to check it is actually in place.

How to use it effectively

1. Read it once, end to end. It is short by design. You will recognise some controls and learn why others matter.
2. Score yourself honestly against each. Mark every control as done, partly done, or not done. Be truthful, that is where the value is.
3. Start with the "not done" items. These are your biggest gaps and usually your quickest wins. Many cost nothing but a little time.
4. Share it with whoever runs your IT. Use it as a shared checklist so everyone agrees on what is in place and what is not.

Why it matters

Cyber attacks on small businesses very rarely involve genius hackers. They almost always exploit a basic control that was missing: no MFA, an unpatched system, a backup that was never tested. Get these ten right and you remove the easy routes in that most attacks rely on. It is the highest-value document we give away.