We asked our partners and friends - What cyber security tips and guidance do they share the most at work with their colleagues, with clients, office staff, contractors and with family and friends at home?

This is the ultimate list of 11 ways SMEs can keep their business secure online; whilst ,working remotely, at home or on the go!

1. Don’t forget the basics!

It’s not a change, but just keep remembering the basics: protect email with a strong (unique) password, use two-factor authentication whenever it’s available, create strong passwords and use a password manager, and make sure patches are applied as soon as they are available – either updating devices yourself or cooperating with your IT administrators so they can act quickly. - Professor Emma Barrett OBE, University of Manchester

2. Think before you click that email!

Employees should always be wary, don’t click the link or download a document without knowing the source is genuine. - Sam, Riskbox

Think before you click, think before you respond to an email that seems too good to be true, too weird, too out of the blue or too panicky. Calm it down, slow it down, apply common sense, think it through, verify what you can, and think before you click. Graham, Irwin Mitchell

If you get an email or DM that promises something which seems too good to be true, it's more than likely to be a scam so don’t click on the link or respond in any way - Kevin, Bergerode

3. Treat your work and personal data with the same care

Employees should treat their work accounts the same way they would their personal online banking and take the time to ensure they practice good digital/cyber hygiene. Hands-Face-Space for covid, stop-challenge-protect for cyber. - Neil Jones, NWCRC

Apply the same rules to themselves as they do for the business – use antivirus, patch regularly, use strong passwords, etc- - Kevin, Bergerode

The cyber threat also exists at home and in your personal life. Take what you learn at work home with you: email safety, phishing awareness, good passwords and using MFA. Be risk aware at home, just as you are risk-aware when driving, crossing the road, or answering the door to a cold caller. - Graham, Irwin Mitchell

4. Introduce a Risk Management Regime and Incident Plan

Cyber security when implemented effectively works as a growth enabler. The easiest change for a business would be introducing a risk management regime, ensuring board-level responsibility in supporting risk management.

While some may see this as a challenge, IT directors/managers in SMEs and CISOs (medium to large organisations) see this as an opportunity to present a business case by conducting organisation-wide IT security health checks. - Harman, Cyphere

If your business hasn't created a ,cyber incident plan before, we have created an incident pack, which contains documents to help support your business plan its response to a cyber incident. These documents are designed to complement any existing plans or assist you in creating one.

5. Keep your work devices AND your personal devices updated

One thing any individual can do in order to improve cyber security is to ensure that any personal devices are up to date in terms of software and operating systems. Very often updates are put off until ‘later’, and devices are rarely switched off. I would, and frequently do, inform our clients and business owners that these updates are essential – as they not only update the operating system in a tangible sense but also improve the security levels of devices being utilised. -Sam, BrightHR

6. Give your staff Security Awareness Training

Regular non-technical staff awareness training, most still don’t realise all non-tech staff have a role to play which can help resilience. - Jo, BRIM

Train your staff. Employees are often the cause of the breaking of businesses' digital armour. We’ve seen claims all too often for social engineering or a rogue employee clicking a link. There is so much assistance out there to help, with NWCRC being one of them for Businesses to take a simple measure to reduce the likelihood of a breach happening.

We find Insurers are now offering pre-loss risk management tools for businesses, which can include employee training as they understand they are a risk factor. Take advantage of these policy benefits. -Sam, RiskBox

Invest in security awareness training. Your staff are your first line of defence and with 65-80% of all attacks we see in the NW originating through some form of account compromise, often as a result of phishing, you can help educate them to keep themselves and your business safe. - Neil Jones, NWCRC

Did you know - we can deliver Security Awareness Training alongside a ,Simulated Phishing Exercise to help your business fight phishing and other social-engineering attacks.

7. MFA, MFA, MFA, MFA... Did I mention MFA?

Multi-Factor Authentication or Two-Factor Authentication - don’t forget to do this at home with your online banking and social media accounts

MFA, MFA, MFA, MFA... Did I mention MFA? For me, this is by far the most important thing to do right now. Make sure you enable Multi-factor Authentication (MFA, aka Two Factor Authentication, or 2FA) on all internet-based work accounts, especially email and file storage (e.g. Google Workspace, Microsoft 365, etc). It prevents 99.9% of the biggest root cause of data breaches. Hackers don’t need to hack, they just log in. Stop them in their tracks with MFA.

-Graham Irwin Mitchell

Implement MFA, keep a log of your assets and keep your patches up to date. - Rosie, Honeypot

Incorporating two-factor authentication is an extremely useful tool to implement in order to become more cyber resilient. We’re seeing a huge increase in clients utilising two-factor authentication across systems when accessing, editing, and downloading documentation.

At ,BrightHR, we’ve also introduced two-factor authentication to our software package, improving the security of the services we provide to thousands of businesses across the globe. Documentation and employee handbooks can be regularly and easily updated to reflect the latest practices employers expect their staff to adhere to. BrightHR can provide comprehensive guidance and draft and template documentation which can be adapted to suit each individual company's requirement.

-Sam, BrightHR

8. Avoid writing your passwords down - get a password manager!

For employees, it’s crucial to remember never to write down, or share passwords. When creating passwords, utilising auto-generation can also assist in improving cyber resilience, which can then be stored securely on the browser, making it much more secure for both the individual and the business.

- Sam, BrightHR

9. Be careful about what you sign up for and who has your data

Avoid using public wifi for sensitive things such as online banking or shopping - Be careful about what you sign up for and who has your data

- Sam, RiskBox

10. Join the Cyber Resilience Centre today!

Regular training and workshops for staff on cyber resilience, providing online courses, and monitoring updates to pass on to staff members can also be incredibly useful for business owners to implement.

The North West Cyber Resilience Centre can provide this support to businesses of all sizes, ensuring that both managers and staff are knowledgeable in improving security practices. Our ,Free Membership has been designed by Police Officers and Cyber Professionals for any business regardless of size or sector, as a free member you will ,join over 500 businesses already improving their cyber resilience.

11. Sign up for our Business Resilience Program

More than 150 SME businesses from across Greater Manchester are now part of our ,fully-funded cyber resilience programme to help you combat the ever-increasing threat of cyber fraud and cyber attacks.

This Business Resilience programme includes training for two employees on protecting a business from cybercrime, multiple resources plus one-to-one consultation with cyber security experts. The funding comes from money seized from criminals under the Proceeds of Crime Act to fund crime reduction activities, and the programme has been commissioned by Greater Manchester Police (GMP).

To find out more about this funded programme, and ,to apply click here.