How-To Guides: Practical Cybersecurity Steps
Practical, actionable guides that walk you through common cybersecurity tasks. No theory overload - just clear steps you can follow today.
Available Guides
How to Create a Security Policy
Write effective security policies your team will actually follow. Includes the 5 essential policies every SME needs.
How to Conduct a Risk Assessment
Identify and prioritize your security risks using a simple 5-step process. No complex methodologies required.
How to Set Up Two-Factor Authentication
Step-by-step guide to enabling 2FA on Microsoft 365, Google Workspace, and common business applications.
Patch Management & Zero-Day Response
Keep software up to date and respond to critical vulnerabilities. A practical process for SMEs without dedicated IT staff.
Security Awareness Training
Build a security-aware culture with practical training programs your team will actually remember.
Vendor Security Assessment
Evaluate and manage supplier security risks. Questionnaire templates and contract requirements included.
Why These Guides Matter
Security policies and risk assessments are:
- Required by NIS2 and CyberFundamentals
- Expected by cyber insurance providers
- Essential for consistent security decisions
- The foundation for all other security measures
Our Approach
Practical first
Focus on what you can implement, not theoretical perfection
SME-sized
Right-sized for businesses with 5-250 employees
Template-driven
Start with templates, customize for your situation
No jargon
Written for business owners, not security professionals
Coming Soon
Incident Response Planning
What to do when something goes wrong
Where to Start?
If you're new to formal security processes, start with the risk assessment. It helps you understand what to protect and prioritize your efforts. Then create policies based on what you learn.
Frequently Asked Questions
Do I need to do these in order?
We recommend starting with risk assessment (it informs everything else), then creating policies. But if you need a specific policy urgently, you can start there.
Can I do this without IT expertise?
Yes, these guides are written for business owners and managers, not IT professionals. You'll want to involve your IT person for some implementation details, but the planning and documentation can be done by anyone.
How do these relate to CyberFundamentals?
Risk assessment and security policies are required controls in CyberFundamentals. Completing these guides helps you check off multiple CyFun requirements.