Basic cybersecurity checklist for small businesses

by Jon Lober | NOC Technology

Protect your business with basic strategies.

As a leader in managed network security services, I've seen firsthand how devastating cyberattacks can be for small businesses. The statistics are sobering: 43% of cyberattacks target small businesses, yet many lack basic security measures. The good news? You don't need a massive IT budget to significantly improve your cybersecurity posture.

Here are 8 essential steps I believe every small business owner should take to protect their digital assets.


1. Implement Strong Password Policies

  • Require your staff to use high-quality passwords. The best passwords are at least 12 characters long and combine upper- and lowercase letters, numbers, and symbols.
  • Mandate password changes every 90 days, or every 180 days for long passwords (over 15 characters). Because this can make remembering passwords a challenge, consider deploying a password manager for your team (Keeper Security is a great option; we recommend it to all our clients).


2. Enable Multi-Factor Authentication (MFA)

This simple step reduces the risk of account breaches by 99%. Enable MFA on all crucial accounts, including: email accounts, cloud storage services, financial applications, remote access tools, and social media accounts.


3. Keep Software Updated

  • Enable automatic updates on all devices, or create a monthly schedule to check for updates.
  • Replace software that's no longer supported by vendors. Outdated software no longer receives security patches and updates from the vendor, leaving you vulnerable to cyberattack.


4. Back Up Your Data

  • Follow the 3-2-1 rule: three copies of data, on two different types of media, with one copy stored off-site.
  • Test your backups monthly. You don't want to wait until you need them to find out your backups are not running properly.
  • Store offline copies of business-critical information.


5. Train Your Employees

  • Conduct quarterly security awareness training for your staff, including simulated phishing tests and password update reminders.
  • Create clear security policies and procedures, including an incident reporting process.


6. Secure Your Network

Did your boss ask you to set up a secure computer network, but you're not really the IT guy? Here are the basic steps you should take to secure the office network:

  • Use a business-grade firewall to secure your network.
  • Separate guest and business WiFi networks, and encrypt wireless networks with WPA3.
  • Regularly change network passwords, and make sure to disable unused network ports.


7. Plan for Cyber Incidents

Research indicates that businesses are five times more likely to experience a cyberattack than a fire, so it is imperative that you create a cyber incident response plan as a part of your business emergency planning. Think of it this way: it's just as important that staff know what to report, and to whom, if they suspect a cyberattack as it is for them to know where to go in the event of a fire. You can also prepare your business for a cyber incident by:


  • Keeping printed copies of critical procedures
  • Maintaining a cybersecurity insurance policy


8. Control Access

  • Give employees only the access they need to do their jobs.
  • Remove access immediately when employees leave.
  • Maintain an up-to-date inventory of who has access to what.
  • Review access rights quarterly.
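
If you keep that access inventory as a simple spreadsheet, the quarterly review can be partly automated. The script below is an added example, not part of the original checklist or any NOC Technology tool. The CSV column names, the sample rows, and the reading of "quarterly" as about 92 days are all assumptions.

```python
import csv
import io
from datetime import date

REVIEW_INTERVAL_DAYS = 92  # assumption: "quarterly" taken as about 92 days

# Constructed sample inventory (not real data): one row per person per system.
SAMPLE_INVENTORY = """\
employee,status,system,role_needs_it,last_reviewed
alice,active,email,yes,2025-01-10
alice,active,accounting,yes,2024-09-01
bob,departed,email,yes,2025-01-10
carol,active,accounting,no,2025-01-10
carol,active,file-share,yes,2025-01-10
"""


def audit_access(inventory_csv, today):
    """Return sorted (employee, system, problem) findings for the inventory."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        who, system = row["employee"], row["system"]
        # Rule: remove access immediately when employees leave.
        if row["status"].strip().lower() != "active":
            findings.append((who, system, "departed employee still has access"))
            continue  # nothing else matters until this access is removed
        # Rule: give employees only the access they need to do their jobs.
        if row["role_needs_it"].strip().lower() != "yes":
            findings.append((who, system, "access not needed for the job"))
        # Rule: review access rights quarterly.
        try:
            reviewed = date.fromisoformat((row["last_reviewed"] or "").strip())
        except ValueError:
            findings.append((who, system, "no valid review date on record"))
            continue
        if (today - reviewed).days > REVIEW_INTERVAL_DAYS:
            findings.append((who, system, "quarterly review overdue"))
    return findings if not findings else sorted(findings)


if __name__ == "__main__":
    # Constructed "today" so the sample output is reproducible.
    for who, system, problem in audit_access(SAMPLE_INVENTORY, date(2025, 3, 1)):
        print(f"{who:8} {system:12} {problem}")
```

An empty result means every row passed all three checks; anything listed is a line item for the next access review.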


The threat landscape evolves constantly, but these fundamental steps will help protect your business from the most common attacks. Remember, cybersecurity isn't a one-time project – it's an ongoing process that requires regular attention and updates.

For small business owners who want to take their security to the next level, consider working with a managed service provider (MSP) who can provide enterprise-grade protection at a small business price point.
