Basic cybersecurity checklist for small businesses

by Jon Lober | NOC Technology

Protect your business with basic strategies.

As a leader in managed network security services, I've seen firsthand how devastating cyberattacks can be for small businesses. The statistics are sobering: 43% of cyberattacks target small businesses, yet many lack basic security measures. The good news? You don't need a massive IT budget to significantly improve your cybersecurity posture.

Here are 8 essential steps I believe every small business owner should take to protect their digital assets.


1. Implement Strong Password Policies

  • Require your staff to use high-quality passwords. The best passwords are at least 12 characters long and use a combination of uppercase and lowercase letters, numbers, and symbols.
  • Mandate password changes every 90 days, or every 180 days for long passwords (over 15 characters). Because this can make remembering passwords a challenge, consider deploying a password manager for your team (Keeper Security is a great option; we recommend it to all our clients).


2. Enable Multi-Factor Authentication (MFA)

This simple step reduces the risk of account breaches by 99%. Enable MFA on all crucial accounts, including: email accounts, cloud storage services, financial applications, remote access tools, and social media accounts.


3. Keep Software Updated

  • Enable automatic updates on all devices, or create a monthly schedule to check for updates.
  • Replace software that's no longer supported by vendors. Outdated software no longer receives security patches and updates from the vendor, leaving you vulnerable to cyberattack.


4. Back Up Your Data

  • Follow the 3-2-1 rule: three copies of data, on two different types of media, with one copy stored off-site.
  • Test your backups monthly. You don’t want to wait until you need them to find out your backups are not running properly.
  • Store offline copies of business-critical information.


5. Train Your Employees

  • Conduct quarterly security awareness training for your staff, including simulated phishing tests and password update reminders.
  • Create clear security policies and procedures, including an incident reporting process.


6. Secure Your Network

Did your boss ask you to set up a secure computer network, but you're not really the IT guy? Here are the basic steps you should take to secure the office network:

  • Use a business-grade firewall to secure your network.
  • Separate guest and business WiFi networks, and encrypt wireless networks with WPA3.
  • Regularly change network passwords, and make sure to disable unused network ports.


7. Plan for Cyber Incidents

Research indicates that businesses are five times more likely to experience a cyberattack than a fire, so it is imperative that you create a cyber incident response plan as a part of your business emergency planning. Think of it this way: it’s just as important that staff know who and what to report if they suspect a cyberattack as it is for them to know where to go in the event of a fire. You can also prepare your business for a cyber incident by:


  • Keeping printed copies of critical procedures
  • Maintaining a cybersecurity insurance policy


8. Control Access

  • Give employees only the access they need to do their jobs.
  • Remove access immediately when employees leave.
  • Maintain an up-to-date inventory of who has access to what.
  • Review access rights quarterly.
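
One way to run the quarterly review in step 8, as an added example (not from the original article or NOC Technology): a short Python script that compares the access inventory against the current staff list. The CSV layout, the names, the NEEDED mapping and the 90-day interval are assumptions made for illustration.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample inventory: who has access to what, and when it was last reviewed.
INVENTORY_CSV = """user,system,role,last_reviewed
alice,email,user,2025-01-10
alice,accounting,admin,2024-06-01
bob,email,user,2025-01-10
bob,file-share,editor,2025-01-10
carol,accounting,user,2024-12-15
"""
# Constructed current staff roster (bob has left) and the access each job needs.
ACTIVE_STAFF = {"alice", "carol"}
NEEDED = {
    "alice": {("email", "user"), ("accounting", "user")},
    "carol": {("accounting", "user")},
}
REVIEW_INTERVAL = timedelta(days=90)  # assumption: "quarterly" taken as 90 days


def audit_access(inventory_csv, active_staff, needed, today):
    """Return sorted (user, system, finding) tuples for entries needing action."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        user, system, role = row["user"], row["system"], row["role"]
        if user not in active_staff:
            # Departed employee: access should have been removed already.
            findings.append((user, system, "REMOVE: user no longer employed"))
            continue
        if (system, role) not in needed.get(user, set()):
            findings.append((user, system, f"EXCESS: '{role}' not needed for job"))
        reviewed = date.fromisoformat(row["last_reviewed"])
        if today - reviewed > REVIEW_INTERVAL:
            findings.append((user, system, "OVERDUE: not reviewed this quarter"))
    return sorted(findings)


if __name__ == "__main__":
    for user, system, finding in audit_access(
        INVENTORY_CSV, ACTIVE_STAFF, NEEDED, today=date(2025, 2, 1)
    ):
        print(f"{user:6} {system:11} {finding}")
```

In practice the inventory would be exported from each system's user list and the staff roster from payroll or HR, so the comparison does not depend on anyone's memory of who left.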


The threat landscape evolves constantly, but these fundamental steps will help protect your business from the most common attacks. Remember, cybersecurity isn't a one-time project – it's an ongoing process that requires regular attention and updates.

For small business owners who want to take their security to the next level, consider working with a managed service provider (MSP) who can provide enterprise-grade protection at a small business price point.
