SMBs are targets. Phishing, backups, MFA, and incident response — the essentials for a small business.
Users
- [ ] MFA on email, VPN, and critical tools
- [ ] Short training: phishing and how to report
- [ ] Clear policy: who to call for suspicious email
- [ ] Departures: access cut same day
Endpoints and network
- [ ] Windows up to date (security patches)
- [ ] Antivirus / Defender active and monitored
- [ ] Guest Wi-Fi separated from business network if possible
- [ ] No Windows Home in production
Backups
- [ ] 3-2-1 rule understood and applied
- [ ] Third-party Microsoft 365 backup in place
- [ ] Restore test within last 90 days
- [ ] Offsite or encrypted cloud copy
Incidents
- [ ] Emergency IT phone / email posted for staff
- [ ] Simple procedure: isolate, preserve, call, document
- [ ] Ransomware scenario discussed (don't pay without advice)
Next step
Request a free assessment — security review sized for your business.