Basic cybersecurity checklist for small businesses

by Jon Lober | NOC Technology

Protect your business with basic strategies.

As a leader in managed network security services, I've seen firsthand how devastating cyberattacks can be for small businesses. The statistics are sobering: 43% of cyberattacks target small businesses, yet many lack basic security measures. The good news? You don't need a massive IT budget to significantly improve your cybersecurity posture.

Here are 8 essential steps I believe every small business owner should take to protect their digital assets.


1. Implement Strong Password Policies

  • Require your staff to use high-quality passwords. The best passwords are at least 12 characters long and combine uppercase and lowercase letters, numbers, and symbols.
  • Mandate password changes every 90 days, or every 180 days for long passwords (over 15 characters). Because this can make remembering passwords a challenge, consider deploying a password manager for your team (Keeper Security is a great option; we recommend it to all our clients).


2. Enable Multi-Factor Authentication (MFA)

This simple step reduces the risk of account breaches by 99%. Enable MFA on all crucial accounts, including email accounts, cloud storage services, financial applications, remote access tools, and social media accounts.


3. Keep Software Updated

  • Enable automatic updates on all devices, or create a monthly schedule to check for updates.
  • Replace software that's no longer supported by vendors. Outdated software no longer receives security patches and updates from the vendor, leaving you vulnerable to cyberattack.


4. Back Up Your Data

  • Follow the 3-2-1 rule: three copies of data, on two different types of media, with one copy stored off-site.
  • Test your backups monthly. You don't want to wait until you need them to find out your backups are not running properly.
  • Store offline copies of business-critical information.


5. Train Your Employees

  • Conduct quarterly security awareness training for your staff, including simulated phishing tests and password update reminders.
  • Create clear security policies and procedures, including an incident reporting process.


6. Secure Your Network

Did your boss ask you to set up a secure computer network, but you're not really the IT guy? Here are the basic steps you should take to secure the office network:

  • Use a business-grade firewall to secure your network.
  • Separate guest and business WiFi networks, and encrypt wireless networks with WPA3.
  • Regularly change network passwords, and make sure to disable unused network ports.


7. Plan for Cyber Incidents

Research indicates that businesses are five times more likely to experience a cyberattack than a fire, so it is imperative that you create a cyber incident response plan as part of your business emergency planning. Think of it this way: it's just as important that staff know what to report, and to whom, if they suspect a cyberattack as it is for them to know where to go in the event of a fire. You can also prepare your business for a cyber incident by:


  • Keeping printed copies of critical procedures
  • Maintaining a cybersecurity insurance policy


8. Control Access

  • Give employees only the access they need to do their jobs.
  • Remove access immediately when employees leave.
  • Maintain an up-to-date inventory of who has access to what.
  • Review access rights quarterly.
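
One way to put the four steps above into practice, as an added example that is not part of the original article: a short Python script that compares an access inventory against the active staff roster and flags what to remove or re-review. The user names, system names, sample data, and the reading of "quarterly" as 90 days are all assumptions made for illustration.

```python
from datetime import date, timedelta

# "Quarterly" is taken here as 90 days (assumption).
REVIEW_INTERVAL = timedelta(days=90)

# Constructed sample roster: active staff and the systems each role needs.
ROSTER = {
    "alice": {"email", "accounting"},
    "bob": {"email", "file_share"},
}

# Constructed sample inventory: (user, system, date the grant was last reviewed).
INVENTORY = [
    ("alice", "email", date(2025, 3, 1)),
    ("alice", "accounting", date(2024, 11, 15)),
    ("bob", "email", date(2025, 2, 20)),
    ("bob", "accounting", date(2025, 2, 20)),
    ("carol", "file_share", date(2025, 1, 10)),
]


def audit_access(roster, inventory, today):
    """Return a sorted list of (user, system, finding) for grants needing action."""
    findings = []
    for user, system, reviewed in inventory:
        if user not in roster:
            # Account belongs to someone who has left: remove immediately.
            findings.append((user, system, "remove: user not on active roster"))
        elif system not in roster[user]:
            # Access beyond what the job requires.
            findings.append((user, system, "remove: not needed for role"))
        elif today - reviewed > REVIEW_INTERVAL:
            # Legitimate access, but the quarterly review has lapsed.
            findings.append((user, system, "review overdue"))
    return sorted(findings)


if __name__ == "__main__":
    for user, system, finding in audit_access(ROSTER, INVENTORY, date(2025, 4, 1)):
        print(f"{user:8} {system:12} {finding}")
```

In real use, the roster would come from your HR or payroll list and the inventory from each system's user export.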


The threat landscape evolves constantly, but these fundamental steps will help protect your business from the most common attacks. Remember, cybersecurity isn't a one-time project – it's an ongoing process that requires regular attention and updates.

For small business owners who want to take their security to the next level, consider working with a managed service provider (MSP) who can provide enterprise-grade protection at a small business price point.
