Editorial Standards

The Small Business Cybersecurity Guy is an independent cybersecurity publication. These standards govern how we research, write, edit, and correct content. They apply to all contributors and all content published on this site.

Independence

This publication accepts no paid-for content, sponsored articles, or advertorial. No vendor, employer, or commercial partner has editorial input into any article published here. Contributors are not required to obtain approval from any employer or client before publishing.

We do not accept gifts, free products, or hospitality from vendors in exchange for coverage. Where a contributor has used or evaluated a product, that is based on their own independent experience.

Fact-checking and accuracy

All factual claims must be supportable. Statistics, incident details, and technical assertions are checked against primary or credible secondary sources before publication. Sources are cited in the article or available on request.

We do not publish claims that cannot be verified. Where we rely on a single source, we say so. Where evidence is incomplete or contested, we make that clear in the text.

Opinion and commentary

This publication covers opinion and commentary as well as factual reporting. Opinion pieces are clearly identified as such. Strong language and direct criticism are part of our editorial voice. All opinion is grounded in documented evidence, not conjecture.

Criticism of named organisations or products is based on verifiable conduct: published security incidents, documented failures, publicly available contracts, or official regulatory findings. We do not publish unsubstantiated allegations.

Conflicts of interest

Contributors are required to declare any conflict of interest relevant to the topic they are writing about. A conflict of interest includes, but is not limited to: commercial relationships with the subject of an article, direct involvement in an incident being reported, or personal disputes with individuals named.

Declared conflicts are noted in the article. In cases where a conflict is considered material enough to affect objectivity, a different contributor covers the topic.

Corrections policy

We correct factual errors promptly. When a correction is made to a published article, the correction is noted at the top or bottom of the article with a brief description of what was changed and when. We do not silently edit published content.

Minor corrections (spelling, grammar, broken links) may be made without a formal correction notice. Corrections that change the substance of a claim are always disclosed.

To submit a correction, use the contact page. Please include the URL of the article, the specific claim in question, and your evidence or reasoning. We review all correction requests.

Right of reply

When an article makes a significant factual claim about a named organisation or individual, we make a reasonable effort to seek comment before publication. Where comment is sought and not received, or where time does not allow for a prior approach, we note this in the article.

Complaints

Complaints about published content should be sent via the contact page. We aim to acknowledge complaints within five working days and to respond substantively within 14 days.

If you believe published content is defamatory, factually incorrect, or in breach of these standards, please say so specifically and include supporting evidence. We take complaints seriously and respond to them directly.

Content dating and currency

Cybersecurity is a fast-moving field. Articles are dated at publication. Where an article covers a topic that has materially changed since publication, we add an update notice at the top of the article.

Older articles remain accessible because they document incidents, policies, and practices as they stood at the time. They should be read in that context.