For SME owners

Plain-English advice on the technology risks hiding in your business.

Free reference site for non-technical business owners. Understand the risks, know what to do when something happens, copy the policies you need, study with flashcards.

Browse the risks Try the flashcards

Four ways in

25 topics

Risks

Hidden patterns inside SMEs — backups, suppliers, AI, customer trust, phishing, mobile, malware, patching. Plain English, NCSC-aligned.

10 playbooks

Scenarios

Step-by-step playbooks for situations every SME hits: phishing clicked, ransomware day, leaver access, customer questionnaire, choosing MSP.

15 starters

Policies & starters

Ready-made information security, acceptable use, password, AI, BYOD, remote-working, data retention, incident response, joiner/leaver policies. Edit and use.

Top 10

OWASP for SMEs

If you have a website or customer portal: the OWASP Top 10 web-app security risks in plain English. Questions to ask your developer.

The question every owner should ask

“Could your business keep running if the system, person, supplier, password, server, spreadsheet, or AI-generated tool you rely on failed tomorrow?”

Where most owners start

Four risks worth reading first.

Backup and recovery confidence

Look things up.

80+ terms

Glossary

Jargon-buster, deep-linkable.

5 decks

Flashcards

Interactive cards. Click to flip. Also as printable PDFs.

Curated

Resources

NCSC, ICO, OWASP, IASME, free tools.

5 examples

Translation

Technical report → business meaning.

12 answers

FAQ

Do we need a CISO? Is Cyber Essentials enough?

UK ranges

Typical costs

What M365 Premium, EDR, Cyber Essentials, cyber insurance, MSPs actually cost.

SME Digital Advisor is a free reference site by Andrew Rea & Associates. Most owners use it without ever needing to talk to a person. If you do, the about page explains who I am.