SaRB for SMO's blog pages contain between 3000 and 4500 words; as a non-subscriber you only have access to 800-1000 words.

Welcome to 'Security and Risk Blog' for Small and Medium-sized Organisations - otherwise known as SaRB for SMO's or SaRB for Small Organisations.

As the name suggests, this is a Blog about security and risk for small organisations where we aim to provide information on Digital Safety Skills for SMO's and raise their skill levels. We want to demystify risks and security for people with little or no security backgrounds. 

Here are some of our Blog articles:

  • Cyber Essentials Certification - Software Patching


    Patching software has been an irritant for users and administrators as it can take hours to complete. Implementing patches is very important to protect against attacks and ransomware.


  • Cyber Essentials Certification - Secure Configuration


    All the operating systems, apps, software and services you use must be configured correctly to protect you from attacks. Secure Configuration of user and system devices and servers must enable you to protect these assets and know when there has been a compromise.


  • Cyber Essentials Certification - Gateways & Firewalls


    An Organisation’s Internet Gateways (mainly routers and firewalls) are usually packaged in with modems as single devices and enable access to the Internet. Firewalls help control the flow of data coming into and out of an Organisation. Together these devices play a big role in the security of a Small Organisation’s network.


  • Cyber Essentials Certification - Introduction


    In many previous episodes, we’ve mentioned Cyber Essentials Certification as a way of demonstrating a certain level of cyber security controls. But what is it and how does a Small Organisation get it? Can your Small Organisation really get it working on your own or do you need an expert? This is the first of our seven-part series on How to Certify in Cyber Essentials Basics, without paying an expert to do the work for you.


  • Protecting Against Attacks


    The end goal of understanding attackers, how they attack, what they are after, and what makes it easy for them is to get a better understanding of how best to protect your organisation.


  • How Attackers Get to You


    Attackers have been getting into large and small organisations for many years, and every week we read about all the breaches that could not be hidden from the public. Today we look at what Small Organisations may do in particular that makes it easier for attackers to get into their Organisation.


  • What Attackers Want


    Every week the media covers stories about data breaches, ransomware, vulnerabilities and attacks on large organisations. These stories perpetuate a misconception that attackers only attack large organisations with assets worth going after.


  • The Small Organisation Attack Surface


    The ubiquity of today’s technology has enabled unrivalled connectivity, which has brought with it unrivalled opportunities for attack.


  • Attacks to SMOs


    When it comes to cyber security attacks, what do we know about them, where do they originate, how do they succeed, and what is the goal of certain types of attacks? These are just some of the questions that hit the public imagination when it comes to attacks on Small Organisations. However, there are many myths and misconceptions around them.


  • SMO Attackers


    When it comes to cyber security attacks, who are the attackers likely to attack a Small Organisation? What do they look like, how skilled are they, why do they do what they do? These are just some of the questions that hit the public imagination. But when it comes to attackers of Small Organisations there are many myths and misconceptions which hinder the preparation and response to attacks.


  • Monitoring Employees in SMOs


    Small and Medium-sized Organisations sometimes have issues which lead them to think that they should monitor what employees are doing. These issues may be well founded in many cases, but the fact remains that there is often a need to monitor what is happening on the network. In this Blog we look at the right approach to employee monitoring for SMOs.


  • Social Media and Cyber Security in SMOs


    Social media has grown over the last fifteen years from being something you used occasionally to being something that some people rely on to do just about everything. Social media sites and apps have included services and functionality to enable users to interact with brands and personalities in ways that were never possible.


  • Website Security for Small Organisations


    People read or hear about breaches in the press on a regular basis, and website breaches are one of the largest categories of breaches that take place. These don't just affect large corporates; they affect Small Organisations as well, especially since they do not have the expertise to secure their websites. Here we look at what Small Organisations can do to secure their websites.


  • Safe & Secure Internet Browsing


    As web development has matured, so too have the applications and interfaces of websites and the browsers used to view and access them. The fact that we can do so much more on the web now than ever before comes with greater opportunities for criminals. Here, we go through some of the things people can do to ensure that they are browsing more safely.


  • Ensuring Secure Supply Chains for Small Organisations


    For small organisations to keep large enterprise customers they must make sure that their supply chain is secure, consistent and not easily affected negatively. To do this successfully they have to invest in processes similar to those used by their enterprise customers. Here we explore some of those considerations for small organisations, so that you are not comparing apples to pears.


  • Getting and Keeping Enterprise Customers with Security


    Today's enterprise customers are more attuned to risk and security, and because of that they want to work with suppliers which take security seriously. This is especially so as there have been many high-profile breaches which originated from a third-party supplier. So, the best way that Small Organisations can get and keep enterprise customers is to demonstrate that they understand risk and security.


  • Getting Started with Security in a Small Organisation


    Get started with your Organisation's Security Programme! The hardest part of anything is often getting started, whether it is a personal fitness habit or getting started with our organisation's cyber security protection.


  • Authentication for Small Organisations


    Many Small Organisations will use a vast host of online and offline services where they are required to log in to prove who they are. That process of validation is called authentication, and all services are restricted until a user has authenticated themselves to the system. Unfortunately, not all forms of authentication are completely secure. In this blog we explore the various methods open to Small Organisations and what they should use and what to avoid when it comes to authentication.


  • Physical Security in Small Organisations


    In this episode we explore the importance of physical security to cyber security in Small Organisations, and how one can affect the other.


  • Malware Awareness in SMOs


    Malware is used by attackers to enable them to get to you, your data, or other assets. Getting it onto organisations' systems has become a real art on the part of attackers; every day, anyone communicating with the world using technology is likely to come across many attempts to infect them.



Security and Risk topics we cover

Managing Security Risks

Identifying threats and risks to organisations

  • Identifying assets specific to small and medium-sized organisations
  • Tools, services and controls small and medium-sized organisations can use: 
    • for protecting their assets
    • to detect whether their organisation is in the process of, or has already been breached
    • to respond to a likely breach or compromise
    • to recover from breaches or compromises
  • Email security issues for organisations
  • Ransomware risks to organisations
  • Network security for small organisations
  • Risks and strategic and tactical approaches to security from a 10 to 50 to 250 employee company and beyond.

Security and Risk Questions we cover

  • How to get started in managing security risks?
  • What are the quick wins for protection?
  • Which assets are attackers after?
  • Which asset details should we keep records of?
  • How can we get through our Cyber Essentials Certification without having to pay an external consultant?
  • What is the best way to share data with our customers and partners?
  • What should we be doing about data protection to comply in our country?
  • What are the best back-up tools for a small organisation?
  • How do we choose a managed security service provider?
  • How to choose authentication tools for your organisation?
  • At what point do we need to employ security staff?
  • How to use best security practices for a competitive edge?
  • How to decide which options provide better benefits?

Free security and risk resources we are providing

  • Complete Cyber Essentials Asset Register spreadsheet with: 
    • Computer details
    • Server details
    • Mobile devices 
    • Network devices
    • Printers and scanners
    • Other devices
    • Special bonus: an "other Intellectual assets" tab, not for Cyber Essentials Certification
  • Template policies
  • Checklists
  • Action lists.


This Blog aims to help small and medium-sized organisations to raise the bar and reduce attacks on their organisations by taking effective actions to protect them. We want to help make being secure an easier option to take than the insecurity resulting from not taking any action. We endeavour to make as much security and risk information as freely accessible as possible for all SMO's. If you have any pressing issues that you would like us to cover for other organisations which may be experiencing similar challenges to you, please get in touch with us through our contact us page, or if you are a Registered or Subscribing User please use the messaging tool provided.