Basic cybersecurity checklist for small businesses
by Jon Lober | NOC Technology
Protect your business with basic strategies.
As a leader in managed network security services, I've seen firsthand how devastating cyberattacks can be for small businesses. The statistics are sobering:
43% of cyberattacks target small businesses, yet many lack basic security measures. The good news? You don't need a massive IT budget to significantly improve your cybersecurity posture.
Here are 8 essential steps I believe every small business owner should take to protect their digital assets.
1. Implement Strong Password Policies
- Require your staff to use high-quality passwords. The best passwords are at least 12 characters long and combine upper- and lowercase letters, numbers, and symbols.
- Mandate password changes every 90 days, or every 180 days for long passwords (over 15 characters). Because this can make remembering passwords a challenge, consider deploying a password manager for your team (Keeper Security is a great option; we recommend it to all our clients).
2. Enable Multi-Factor Authentication (MFA)
This simple step reduces the risk of account breaches by 99%. Enable MFA on all crucial accounts, including: email accounts, cloud storage services, financial applications, remote access tools, and social media accounts.
3. Keep Software Updated
- Enable automatic updates on all devices, or create a monthly schedule to check for updates.
- Replace software that's no longer supported by its vendor. Unsupported software no longer receives security patches and updates, leaving you vulnerable to cyberattack.
4. Back Up Your Data
- Follow the 3-2-1 rule: three copies of data, on two different types of media, with one copy stored off-site.
- Test your backups monthly; you don’t want to wait until you need them to find out your backups are not running properly.
- Store offline copies of business-critical information.
5. Train Your Employees
- Conduct quarterly security awareness training for your staff, including simulated phishing tests and password update reminders.
- Create clear security policies and procedures, including an incident reporting process.
6. Secure Your Network
Did your boss ask you to set up a secure computer network, but you're not really the IT guy? Here are the basic steps you should take to secure the office network:
- Use a business-grade firewall to secure your network.
- Separate guest and business WiFi networks, and encrypt wireless networks with WPA3.
- Regularly change network passwords, and make sure to disable unused network ports.
7. Plan for Cyber Incidents
Research indicates that businesses are five times more likely to experience a cyberattack than a fire, so it is imperative that you create a cyber incident response plan as a part of your business emergency planning. Think of it this way: it’s just as important that staff know who and what to report if they suspect a cyberattack as it is for them to know where to go in the event of a fire. You can also prepare your business for a cyber incident by:
- Keeping printed copies of critical procedures
- Maintaining a cybersecurity insurance policy
8. Control Access
- Give employees only the access they need to do their jobs.
- Remove access immediately when employees leave.
- Maintain an up-to-date inventory of who has access to what.
- Review access rights quarterly.
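The four access-control steps above can be run as one quarterly check over the access inventory. The script below is an added example, not part of the original article; the roster, role baselines, inventory records and the 90-day reading of "quarterly" are all constructed assumptions.

```python
from datetime import date, timedelta

# Constructed sample data (assumptions for illustration, not from the article).
ACTIVE_STAFF = {"alice": "bookkeeper", "bob": "sales"}  # current roster: user -> role
ROLE_BASELINE = {                                       # what each role needs, no more
    "bookkeeper": {"email", "accounting"},
    "sales": {"email", "crm"},
}
# Access inventory: (user, system, date the grant was last reviewed)
INVENTORY = [
    ("alice", "email", date(2024, 5, 1)),
    ("alice", "accounting", date(2024, 5, 1)),
    ("bob", "email", date(2024, 5, 1)),
    ("bob", "accounting", date(2024, 5, 1)),  # not needed for a sales role
    ("bob", "crm", date(2024, 1, 10)),        # review is overdue
    ("carol", "email", date(2024, 5, 1)),     # carol has left the company
]
REVIEW_WINDOW = timedelta(days=90)  # "quarterly" taken as 90 days (assumption)


def review_access(inventory, staff, baseline, today):
    """Return a sorted list of (user, system, finding) tuples needing action."""
    findings = []
    for user, system, last_reviewed in inventory:
        role = staff.get(user)
        if role is None:
            # Leaver: access should have been removed when the person left.
            findings.append((user, system, "revoke: user not on staff roster"))
            continue
        if system not in baseline.get(role, set()):
            # Least privilege: grant goes beyond what the role needs.
            findings.append((user, system, f"excess: not in baseline for {role}"))
        if today - last_reviewed > REVIEW_WINDOW:
            # Quarterly review: this grant has not been looked at in time.
            findings.append((user, system, "stale: review overdue"))
    return sorted(findings)


if __name__ == "__main__":
    for user, system, finding in review_access(
        INVENTORY, ACTIVE_STAFF, ROLE_BASELINE, today=date(2024, 6, 1)
    ):
        print(f"{user:6} {system:11} {finding}")
```

In practice the inventory and roster would come from exports of your identity provider and HR records rather than inline lists.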
The threat landscape evolves constantly, but these fundamental steps will help protect your business from the most common attacks. Remember, cybersecurity isn't a one-time project – it's an ongoing process that requires regular attention and updates.
For small business owners who want to take their security to the next level, consider working with a managed service provider (MSP) who can provide enterprise-grade protection at a small business price point.

