
A Practical Cyber Essentials Checklist for Small Businesses

By Know I.T. Consulting · 22 May 2026 · 2 min read

Cyber Essentials is a UK government-backed scheme covering the basics of protecting your business from the most common online attacks. Plenty of contracts now ask for it, public-sector ones especially. But even if you never go for the certificate, the five controls behind it are a sensible baseline for any small business.

Here's a plain-English checklist you can run through yourself.

1. Firewalls

A firewall sits between your network and the internet and blocks unwanted traffic.

  • Your office router or dedicated firewall is switched on and configured, not left on defaults.
  • The default admin password on the router has been changed.
  • Remote access to network devices is disabled unless you genuinely need it.

2. Secure configuration

Devices and software should be set up to reduce the ways an attacker can get in.

  • Unused accounts and default accounts are removed or disabled.
  • Software you don't use is uninstalled.
  • Auto-run / auto-play is turned off so a plugged-in USB can't run code by itself.

3. User access control

People should only have access to what they need.

  • Each person has their own account, with no shared logins.
  • Administrator accounts are used only for admin tasks, not day-to-day work.
  • Accounts are removed promptly when someone leaves.

4. Malware protection

You need a way to stop and detect malicious software.

  • Anti-malware is installed and updating automatically on every device.
  • Email filtering is catching obvious phishing and malicious attachments.
  • Staff know not to open unexpected attachments or links. A five-minute briefing goes a long way here.

For most small businesses, getting malware protection and cybersecurity right is the thing on this list most worth doing first.

5. Security update management (patching)

Out-of-date software is the most common way in.

  • Operating systems and apps are set to update automatically.
  • Devices that can no longer receive security updates are retired.
  • Firmware on routers and other hardware is kept current.

Where most small businesses fall down

The gaps we run into most are shared admin logins, devices that quietly stopped updating months ago, and email with no filtering on it. None of these are hard to fix. They just need someone to actually look.
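As an added example (not part of the original article), the first two of these gaps can be checked with a short script run over a hand-maintained inventory; email filtering has to be checked in the mail service itself. The CSV columns, the sample rows and the 30-day threshold are assumptions made for the illustration.

```python
import csv
import io
from datetime import date

# Constructed sample inventory; column names are assumptions for this example.
ACCOUNTS = """account,is_admin,used_by,daily_use
office-admin,yes,alice;bob,no
alice,no,alice,yes
bob,yes,bob,yes
"""
DEVICES = """device,last_update,vendor_supported
RECEPTION-PC,2026-05-15,yes
BACK-OFFICE-PC,2026-01-08,yes
OLD-LAPTOP,2025-11-30,no
"""

def audit_accounts(text):
    """Flag shared logins and admin accounts used for everyday work."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        users = [u for u in row["used_by"].split(";") if u.strip()]
        if len(users) > 1:
            kind = "shared admin login" if row["is_admin"] == "yes" else "shared login"
            findings.append((row["account"], kind))
        if row["is_admin"] == "yes" and row["daily_use"] == "yes":
            findings.append((row["account"], "admin account used day-to-day"))
    return findings

def audit_devices(text, today, max_age_days=30):
    """Flag unsupported devices and devices with no recent update.

    max_age_days is an assumed threshold; set it to match your own policy.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        age = (today - date.fromisoformat(row["last_update"])).days
        if row["vendor_supported"] != "yes":
            findings.append((row["device"], "no longer receives security updates"))
        elif age > max_age_days:
            findings.append((row["device"], f"last updated {age} days ago"))
    return findings

if __name__ == "__main__":
    for name, issue in audit_accounts(ACCOUNTS) + audit_devices(DEVICES, date(2026, 5, 22)):
        print(f"{name}: {issue}")
```

Keeping the inventory as a plain spreadsheet export is enough; the point is that someone reviews the flagged rows on a regular schedule.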

If you'd like a hand working through this checklist, or you're getting ready for certification, we help businesses across Kettering, Northamptonshire and the wider UK. Local? Our Kettering IT support page has the details. Not sure where to start? Get in touch, no contract required.
