7 Essential IT Tips for Small Businesses in County Durham

We work with small businesses across County Durham every week — sole traders, shops, care services, tradespeople — and the same avoidable IT problems come up again and again. This isn't a list of expensive enterprise solutions. It's practical advice that applies to businesses of any size, based on what we actually see going wrong.

1. Have a Working Backup — and Test It

This is the one that causes the most pain when it's ignored. Hard drives fail. Ransomware encrypts files. Laptops get stolen. If your business data only exists in one place, you are one incident away from losing it all.

What works: Follow the 3-2-1 rule — three copies of your data, on two different types of storage, with one copy off-site (or in the cloud). Microsoft 365 OneDrive or SharePoint provides an automatic cloud backup for all your files. Pair it with a local backup to an external drive for critical data.

Crucially — test your backup. The number of businesses that discover their backup wasn't actually working properly is significant. Restore a file from it regularly to confirm it works.

2. Keep Windows and Software Updated

Software updates exist primarily to fix security vulnerabilities. Running outdated Windows, Office or other software is one of the most common ways ransomware and malware gets in — attackers specifically target known vulnerabilities in older versions.

What works: Enable automatic updates for Windows. Check that Microsoft 365 apps are on current channel. If you have specialist software that can't be updated easily, this is worth raising with an IT professional — there are ways to mitigate the risk.

3. Use a Password Manager

Most people reuse passwords. When one site gets breached (which happens constantly), attackers try those same credentials on email, banking, and business accounts. Weak passwords that get guessed or phished are responsible for the majority of business account compromises.

What works: A password manager like Bitwarden (free), 1Password or the built-in Microsoft Authenticator. Use unique, long passwords for every account — the manager remembers them for you. Enable two-factor authentication on email, Microsoft 365 and any financial accounts.

4. Use Business Email — Not a Personal Gmail Account

Running a business from a @gmail.com or @hotmail.com address looks unprofessional, but more importantly it creates practical problems: limited control, no admin recovery if you're locked out, and data mixed with personal accounts. It also makes phishing attacks easier to execute against your contacts.

What works: Microsoft 365 Business Basic is £4.90/user/month and gives you a professional email address on your own domain, Teams, OneDrive, and SharePoint. We set these up regularly for businesses across County Durham.

5. Train Your Staff on Phishing

Most business cyberattacks don't start with sophisticated hacking — they start with someone clicking a link in a convincing-looking email. Invoice fraud, fake parcel delivery notifications, Microsoft account warnings — these are crafted specifically to trick people who aren't looking for them.

What works: Brief your team on what phishing looks like. The key tells: urgency ("act now"), unexpected requests for login credentials or payment, links that don't quite match the real domain (e.g. micros0ft.com). If in doubt, phone the sender directly using a number you already have — don't use contact details in the suspect email.

6. Secure Your Wi-Fi Network

An unsecured or poorly configured business Wi-Fi network lets anyone nearby potentially access your traffic. This matters especially if you handle customer data, financial information, or use the same network for business and guest access.

What works: Use WPA3 or WPA2 encryption. Set a strong, unique Wi-Fi password (not the router default). Create a separate guest network for visitors — this keeps them isolated from your business devices. Disable WPS (it has known vulnerabilities). Consider a VLAN setup if you have IoT devices on the same network.

7. Consider a Managed IT Arrangement

If IT issues regularly take you away from running your business — or you're not confident that your systems are secure and properly maintained — a managed IT arrangement may be worth the cost. Rather than paying reactively when things go wrong, you pay a predictable monthly amount for proactive monitoring, maintenance and priority support.

What works: This doesn't need to be expensive. For small businesses in County Durham, we offer flexible arrangements that cover the basics — monitoring, patching, security updates and fast response when you need help — without the overhead of a large IT firm.