All resources

Cybersecurity checklist for SMBs

Essentials to protect a small business — phishing, backups, MFA, and incident response.

SMBs are targets. Phishing, backups, MFA, and incident response — the essentials for a small business.

Users

  • [ ] MFA on email, VPN, and critical tools
  • [ ] Short training: phishing and how to report
  • [ ] Clear policy: who to call for suspicious email
  • [ ] Departures: access cut same day

Endpoints and network

  • [ ] Windows up to date (security patches)
  • [ ] Antivirus / Defender active and monitored
  • [ ] Guest Wi-Fi separated from business network if possible
  • [ ] No Windows Home in production

Backups

  • [ ] 3-2-1 rule understood and applied
  • [ ] Third-party Microsoft 365 backup in place
  • [ ] Restore test within last 90 days
  • [ ] Offsite or encrypted cloud copy

Incidents

  • [ ] Emergency IT phone / email posted for staff
  • [ ] Simple procedure: isolate, preserve, call, document
  • [ ] Ransomware scenario discussed (don't pay without advice)

Next step

Request a free assessment — security review sized for your business.

Ready to review your IT setup?

Request a free assessment — we reply within one business day.

Free IT assessment