Cyber Security for Small and Medium Businesses

A sensible approach to security…


SMEs are at a risk of suffering a security incident that is estimated to cost between £75,000 and £310,000 with around 74% of SMEs reporting that they had suffered a breach (source: UK Govt Press Release).

The majority of the breaches in the news started with staff clicking on a link or opening an attachment, or being the victim of a scam. The Security Bureau has created the SME Security service to cover the types of attack that are affecting the UK’s businesses. We’ll provide you with the tools that you need to raise staff awareness of security and embed security into your business processes and technology so that you can operate securely.

What you get


SME Security is a package that contains everything that you need to start operating securely. The package has been created based on our experience of working with small, medium and large businesses. We know that each business is different and therefore have different security needs. However, the foundations are always the same; train your staff, create solid security processes and secure the technology.

Technical Security Audit

We will provide you with a technical security assessment of your desktops, servers and infrastructure to assess whether the measures are in place to withstand an attack such as being sent viruses. The assessment will review the configuration of your technology to ensure that you’re resilient to malware attacks and other forms of technical attack. We’ll then provide you with the information that you need to secure your systems.

Security Policies

We’ll provide you with security guidelines and policies for use as part of your HR policies, to lay down a good foundation for information security. The security policies that you’ll receive include password, social media and acceptable use policies. We’ll also provide you with the guidance that you need should you use cloud services and other 3rd party suppliers.

Security Testing

Your internet facing infrastructure and main web application will be penetration tested to find any security issues that could be exploited by internet facing attackers to cause harm to your business. We use state-of-the-art technologies and knowledge from experience to identify security vulnerabilities. If you have an online shop, we’ll find ways that attackers could defraud you. E-commerce websites have been known to allow users to purchase items for less than their advertised price or even credit their accounts.

Your questions

How long will the service take to deliver?
The service will take a week if we work with you solidly with no breaks, but typically it’ll be delivered within a month. If you have particular deadlines to meet, talk to us. We always do our best to accommodate our clients needs.

What do you get?
The security policies, a penetration test report and a technical security audit report. You’ll also get outstanding service, which is what we pride ourselves on.

Is the service flexible?
Yes of course. We understand that your business operates differently to other businesses. We could include another service that will have more impact than some of the elements offered in the SME Security service.

Is there ongoing support?
We’re here for you. You can call us after we’ve delivered the service, and we’ll provide you with the support and advice that you need to stay secure.

How does SME Security differ to Cyber Essentials?
Cyber Essentials covers basic technical measures and will not help you with ongoing security. We’ve included the security policies to help your staff appreciate their responsibilities in contributing to cyber security. We’ve also provided you with an in-depth penetration test where we go further than a vulnerability scan (provided in Cyber Essentials Plus). Penetration testing picks up more vulnerabilities because there is more of a human element, with testers piecing together information and pursuing targeted lines of attack in the same way an attacker would.

Does The Security Bureau provide Security Awareness Training?
Yes we do. You cannot use the Cyber Security Vouchers for any training and we’d recommend that you do train your staff as part of your security program.

Will the SME package mean my business meets ISO27001 or PCI compliance?
Unfortunately not. But SME Security will provide you with the foundations that you need to build on for any type of security compliance and therefore this is a worthwhile exercise if you’d like to meet compliance in the future.