First actions
Small business, small attack surface
Focus on controls that are simple to maintain when you are also doing the actual work.
Separate work and personal accounts
Use a dedicated business email and separate passwords for banking, invoicing, design, cloud and social tools.
Secure invoices
Tell clients how bank detail changes will be confirmed and add a warning to invoices about payment redirection scams.
Back up work product
Store proposals, contracts, source files and tax records in at least two locations, with one not always connected.
Protect your public profile
Turn on MFA for social media and website admin accounts, especially if clients find you through those channels.
Sample guidance
Everyday solo risks
Prevent payment diversion
Send bank details through a trusted channel, confirm unusual payment requests and do not approve changes from email alone.
Make your laptop recoverable
Use disk encryption, automatic updates, device tracking and cloud backup for work folders.
Keep only what you need
Delete old copies of IDs, payslips, addresses and customer forms unless you have a clear business reason to retain them.
Work safely on public Wi-Fi
Prefer mobile data or a trusted hotspot, avoid shared devices and lock screens when working from cafes or client sites.
Checklist
Friday admin review
- Check whether every invoice and payment app has MFA enabled.
- Back up current work and confirm files open from the backup.
- Review unpaid invoices for suspicious payment query threads.
- Update your device and browser before the next work week.
- Remove client files you no longer need to keep.