Free resource
Cybersecurity checklist for small businesses
The essential steps every small business and school should take. Print it, check your status, and fix the gaps.
1 Accounts & passwords
- Multi-factor authentication (MFA) enabled on email and key apps
- Unique, strong passwords (a password manager in use)
- Admin accounts separated from everyday accounts
- Accounts removed promptly when staff leave
2 Email & phishing
- Spam and phishing filtering in place
- Staff trained to spot suspicious emails
- A clear way to report suspected phishing
- Caution with payment-change and urgent requests
3 Devices & updates
- Operating systems and apps kept up to date
- Antivirus / endpoint protection installed
- Disk encryption enabled on laptops
- Screen lock and auto-lock configured
4 Data & backups
- Automated backups running regularly
- Backups stored off-site / in the cloud
- Restores tested at least quarterly
- Sensitive data access limited to those who need it
5 Network & access
- Wi-Fi secured with a strong password (guest network separate)
- Firewall configured and active
- Remote access secured (VPN or zero-trust)
- Default passwords changed on all equipment
6 Plan & response
- Someone is responsible for security
- A simple incident response plan exists
- Key contacts and steps documented
- Cyber-insurance / compliance needs reviewed
Want a hand closing the gaps?
We’ll assess your setup and prioritize the highest-impact fixes — affordably.