The Small Business Cybersecurity Checklist You Actually Need

You don't need a $10,000 security audit. You need 30 minutes and this checklist.

Most small business cyberattacks succeed not because of sophisticated hacking — but because basic protections weren't in place. Here's what to do about it.

The 15-Minute Quick Wins

Do these today. Seriously, right now:

1. Turn On Multi-Factor Authentication (MFA)

Enable MFA on every account that offers it — especially email, banking, and cloud storage. This single step blocks 99% of automated attacks.

How: Go to your account settings → Security → Two-factor authentication. Use an authenticator app (Google Authenticator, Microsoft Authenticator) instead of SMS when possible.

2. Check Your Password Situation

  • Are you reusing passwords? Stop.
  • Are passwords shorter than 12 characters? Too short.
  • Using a password manager? If not, start today.

Recommended: Bitwarden (free tier is excellent) or 1Password ($3/month).

3. Update Everything

Run updates on your operating system, browser, and all business software. Enable automatic updates wherever possible. Most breaches exploit known vulnerabilities that patches already fixed.

The 15-Minute Deep Dive

4. Back Up Your Data

Follow the 3-2-1 rule:
  • 3 copies of your data
  • 2 different storage types (e.g., local drive + cloud)
  • 1 copy offsite (cloud backup counts)

Easy setup: Turn on OneDrive, Google Drive, or Dropbox automatic backup for your Documents folder. That's your cloud copy handled.

5. Secure Your Wi-Fi

  • Change the default router password (admin/admin is not security)
  • Use WPA3 encryption (or WPA2 at minimum)
  • Create a guest network for visitors and IoT devices
  • Hide your network name (SSID) if you want extra privacy (a hidden network can still be detected, so this does not replace the encryption step above)

6. Review Who Has Access to What

  • List every service and app your business uses
  • Check who has admin access — remove anyone who shouldn't
  • Disable accounts for former employees or contractors immediately
  • Review shared folders and documents for over-sharing
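
One way to run this review once you have exported the user lists from your services, as an added example that is not part of the original checklist. The CSV column names, the roster, and the approved-admin list are assumptions, and all sample data is constructed.

```python
import csv
import io

# Constructed sample export: one row per account per service.
# Column names (service, email, role, enabled) are assumptions; adapt them to your exports.
SAMPLE_ACCOUNTS = """service,email,role,enabled
Google Workspace,owner@example.com,admin,true
Google Workspace,sam@example.com,user,true
Google Workspace,old.contractor@example.com,admin,true
QuickBooks,sam@example.com,admin,true
QuickBooks,former.employee@example.com,user,false
Dropbox,Former.Employee@example.com,user,true
"""

CURRENT_STAFF = {"owner@example.com", "sam@example.com"}  # constructed roster
APPROVED_ADMINS = {"owner@example.com"}                   # who should hold admin rights


def review_access(accounts_csv, current_staff, approved_admins):
    """Return (service, email, finding) tuples for accounts that need action."""
    staff = {e.strip().lower() for e in current_staff}
    admins = {e.strip().lower() for e in approved_admins}
    findings = []
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        email = row["email"].strip().lower()  # services differ in letter case
        if row["enabled"].strip().lower() != "true":
            continue  # already disabled, nothing to do
        if email not in staff:
            findings.append((row["service"], email, "disable: not on current staff list"))
        elif row["role"].strip().lower() == "admin" and email not in admins:
            findings.append((row["service"], email, "remove admin: not an approved admin"))
    return findings


if __name__ == "__main__":
    for service, email, finding in review_access(SAMPLE_ACCOUNTS, CURRENT_STAFF, APPROVED_ADMINS):
        print(f"{service:18} {email:30} {finding}")
```

Normalizing the email before comparing matters here: the Dropbox row uses different letter case and would otherwise slip past the roster check.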

7. Set Up Email Protection

  • Enable spam filtering (most providers have this built in)
  • Learn to spot phishing: hover over links before clicking, verify sender addresses
  • Never open unexpected attachments, even from known contacts
  • Set up email alerts for logins from new devices

The Monthly Maintenance

8. Run This Checklist Monthly

Set a calendar reminder. Every month:
  • [ ] Check for software updates
  • [ ] Review active user accounts
  • [ ] Verify backups are running
  • [ ] Review bank and credit card statements for unauthorized charges
  • [ ] Check whether your email addresses appear in known breaches (haveibeenpwned.com)

Want This Done For You?

AI IT Guy includes a monthly security checklist tailored to your specific setup — not a generic list, but recommendations based on the tools and services you actually use.

Get your personalized security checklist — $29/month →
