Guides
Plain-English landing pages for the broad topics UK small businesses ask us about most. Each pillar pulls together the canonical upstream sources, the relevant interactive tools and our own articles in one place.
For UK small businesses
Cyber Essentials, made simple
What Cyber Essentials actually covers, what it costs, who awards it, and how a UK SMB can pass it without hiring a consultant.
For SMBs scaling into enterprise
ISO 27001 readiness
Honest framing of when an SMB really needs ISO 27001, the rough timeline and cost, and what an Annex A statement looks like.
For UK data controllers
UK GDPR, made simple
Plain-English UK GDPR guidance for small businesses — lawful bases, ROPA, retention, DPIAs, and what the ICO actually expects.
Incident response
Reporting a UK data breach
Decision tree for the 72-hour ICO notification, what evidence to keep, and when to also notify the affected individuals.
Everyone's first incident
Phishing 101 for the UK
How modern UK phishing works — HMRC, Royal Mail, M&S, fake invoices — and what to do when you (or a colleague) click.