Anglian Internet is a family run, independent firm that has been in business for over 20 years.
Made up of a dedicated team of IT professionals, we pride ourselves on being able to provide a wide range of reliable solutions to suit your needs, at the right cost.
Our Support team provide cost effective IT Support, Cloud Services, Servers and Office 365 to business customers across Norwich, Norfolk, Suffolk and East Anglia.
Improve your Business ITOur Workshop in Norwich offers PC repairs, Laptop repairs, Apple repairs including iMacs, MacBook’s, iPhones and iPads, Tablet repairs, along with repair of AV Systems and any other electronic repairs.
View Supported RepairsWe can provide your business with a comprehensive VoIP telecoms solution, along with Broadband and Leased Line services across Norwich and Norfolk.
View our Telecom ServicesOur Web development team in Norwich can help with Linux and Windows web hosting services, domain names, emails, web space and web design.
View Hosting PlansBrowse our massive range of IT Equipment, PCs, Laptops and Accessories. Buy Local in our Norwich store or buy online with confidence on our Secure Shop and receive rapid shipping!
Purchase In-Store or OnlineWe can provide your business with unlimited technical support over the phone or via remote support no matter where you are in the world.
Receive Dedicated SupportA single weak password, a missed software update or one convincing phishing email can be enough to stop a small business in its tracks. That is why a small business cyber security checklist is not just an IT document to file away. It is a practical way to reduce risk, protect customer data and keep your team working without costly disruption.
For many smaller firms, the challenge is not knowing cyber security matters. It is finding a sensible starting point. Most businesses in Norfolk, Suffolk and across East Anglia do not have the time or internal resource to review every technical detail. What they need is a clear, workable checklist that covers the essentials first, then improves over time.
A good checklist focuses on the areas that cause the most problems in real businesses - people, passwords, devices, email, backups and access to data. It should also reflect how your business actually works. A five-person office with shared laptops has different needs from a multi-site company using cloud platforms, VoIP, remote access and a local server.
The aim is not to buy every security product available. It is to close the obvious gaps, create consistent habits and make sure that if something does go wrong, the impact is limited.
Weak passwords remain one of the easiest ways into a business system. If staff are reusing the same password across email, cloud services and business platforms, a single breach elsewhere can quickly become your problem.
Every employee should have their own user account. Shared logins make it harder to track activity and much harder to remove access when someone leaves. Passwords should be unique, difficult to guess and stored in a proper password manager rather than a notebook or spreadsheet.
Multi-factor authentication should also be enabled wherever possible, especially for Microsoft 365, remote desktop access, VPNs, email accounts and finance systems. It adds a layer of protection that can stop an attacker even if a password has already been exposed. The trade-off is that some staff see it as an extra step, but that minor inconvenience is far easier to manage than a compromised account.
Laptops, desktops, servers, tablets and mobile phones all need to be part of your security plan. If devices are not updated regularly, known vulnerabilities can remain open for months.
Your checklist should include automatic operating system updates, regular application patching and centrally managed antivirus or endpoint protection. Businesses often assume built-in protection is enough, and sometimes it may be for a very small setup, but it depends on the level of risk, the type of data you handle and whether devices are managed consistently.
You should also know exactly what devices are in use. Untracked old laptops, personal mobiles used for work and retired machines left in storage all create avoidable risk. A simple asset list helps you see what needs support, what needs replacing and what should no longer have access to company systems.
For most small businesses, email is still the main route attackers use. Phishing emails, fake invoice requests, malware attachments and login page scams are common because they work.
Your team should know how to spot warning signs such as urgent payment requests, unexpected attachments, changed bank details and links that lead to fake sign-in pages. Staff awareness training does not need to be heavy or overly technical. It does need to be repeated. One briefing during induction is rarely enough.
Technical protection matters as well. Spam filtering, malware scanning and email authentication settings can reduce the volume of dangerous messages that reach staff in the first place. If your business relies heavily on email, this is one area where professional setup is usually worth it.
Not every member of staff needs access to every file, folder or system. Over-permission is common in small businesses because it feels quicker to give broad access than to manage it properly. The problem comes later when sensitive data is available to the wrong people, or when a former employee still has active login details.
Access should be based on job role. Finance data, HR records and management documents should be limited to the people who genuinely need them. When someone joins, changes role or leaves, access should be updated straight away.
This also applies to third parties. If your accountant, website developer or external contractor has access to business systems, that access should be documented and reviewed. Trusted suppliers still need sensible controls.
Backups are one of the most overlooked parts of any small business cyber security checklist. Many companies assume their files are safe because they use cloud services, but cloud storage and backup are not always the same thing.
You should know what is being backed up, how often it happens, where the backup is stored and how quickly data can be restored. A useful backup is one you can recover from under pressure, not one that simply shows as completed on a dashboard.
A sensible approach is to keep multiple copies of important data, with at least one isolated from your main systems. That reduces the risk of ransomware affecting both live files and backups at the same time. Testing matters too. If no one has checked whether a file, mailbox or server can actually be restored, you do not really know if the backup process is fit for purpose.
If your office router still uses default settings, guest devices sit on the same network as business machines, or remote access is left open without proper controls, the wider network may be easier to breach than you think.
Business broadband, firewalls and Wi-Fi should be configured with security in mind, not just convenience. Separate guest Wi-Fi from internal business systems. Change default passwords on networking equipment. Disable services you do not use. Restrict remote access and protect it with multi-factor authentication.
For some businesses, a basic setup is enough. For others, especially where staff work from home, use cloud phone systems or connect multiple sites, a more managed network approach makes sense. The right level depends on how much data you hold and how critical uptime is to your operation.
Cyber security is not only about technology. Staff need clear guidance on what is acceptable, what to report and how to handle business data.
That includes rules for using personal devices, installing software, sending sensitive information, working remotely and reporting suspicious activity. Policies do not need to be long or legalistic to be effective. They do need to be understood and followed.
A small business is often at greater risk from informal habits than deliberate misuse. Someone forwarding work files to a personal email account to finish a task at home may not mean any harm, but it still creates unnecessary exposure.
If a device is infected, an email account is compromised or files become unavailable, the first few hours matter. Without a plan, businesses lose time deciding who to call, what to shut down and how to communicate with staff or customers.
Your incident response plan should cover who is responsible, how systems can be isolated, where backup and recovery information is kept and when external help is needed. It should also include key contacts for IT support, telecoms, hosting and any compliance responsibilities you may have.
This is one of those areas that often gets ignored because owners hope they will never need it. That is understandable, but planning after an incident starts is always harder and usually more expensive.
If you are reviewing your current position, focus first on the controls that reduce the biggest risks quickly:
For many businesses, the hard part is not knowing what should be done. It is making sure it actually happens month after month. That is where regular reviews, dependable support and a local technology partner can make a real difference. Anglian Internet works with businesses that want practical protection rather than unnecessary complexity, helping them improve day-to-day resilience while keeping costs sensible.
Cyber security does not need to become a constant worry hanging over your business. With the right checklist, a realistic plan and steady support, it becomes part of running your systems properly - much like locking the door at the end of the day.
