Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action.


  1. Why are small businesses targeted by cyber-criminals?
    We might hear about sophisticated attacks on large firms in the media. But behind the headlines, small and micro businesses are targeted on a frequent basis because they are a soft target – They seldom have dedicated IT resources or in-house cybersecurity knowledge, their backups are hit-and-miss and seldom tested, and they believe they are too small to be attacked. A ransomware attack and subsequent ransom pay-out by the victim can all be done in a matter of hours, compared to days or weeks when the target is a large, sophisticated firm.
    Read more:
  1. Cybersecurity basics for small businesses
    If you are not sure where to start with cybersecurity, check out my guide to the basics. It deals with the most likely ways you are going to lose money through a cyber-attack (payment fraud; ransomware; password disclosure), and some simple things you can do to to defend yourself
    Read more:
  1. How not to do a phishing test
    Training employees to learn how they could be tricked by phishing emails is a key way to defend against one of the most common cyber-attacks. But make sure the content of the phishing test email doesn’t cause your staff to want to assault you.
    Read more:


  1. 62%: Ransomware or email system compromise accounted for 62% of US cyber-attacks in 2020.“Cyber-criminals are gravitating to ransonware and targeted email compromises [..] and away from bulk theft of personal data.
  2. 80%: The percentage of firms in North America that now have cybersecurity insurance. This is up from 34% in 2011. “Cyber insurance is no longer a luxury item”.


  1. If you do only one ‘cybersecurity’ thing this week, do this:
    On any system that stores your valuable data (e.g. email accounts; CRM systems; file shares; DropBox / OneDrive / Google Drive), make sure someone doesn’t just need a username and password to access that system. Set up two-factor authentication.Two-factor authentication is inconvenient but it’s far more convenient than dealing with the impact of a cyber-criminal gaining access to the system. If you don’t believe me, scroll to part 3 (“Password Theft”) of to learn more about the impact (in terms of money and time).