
Cybersecurity Essentials Checklist
This one‑page checklist covers fundamental security measures every small business should implement. Use it to assess your current posture and prioritise improvements.
Access & Authentication
- Require multi‑factor authentication (MFA) for all remote access and administrative accounts.
- Enforce strong password policies: a long minimum length (12+ characters is a common baseline), screening of new passwords against known-breached lists, and rotation when compromise is suspected rather than on a fixed schedule (forced periodic rotation is no longer recommended by NIST SP 800-63B, because it pushes users toward predictable variations).
- Disable default accounts and remove access for former employees immediately.
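The breached-list screening above can be done without sending the password anywhere, using the k-anonymity scheme of the Have I Been Pwned "range" API: only the first five hex characters of the password's SHA-1 leave the host, and the full hash is matched locally against the returned range. The following is an added example written for this checklist, not code from the original page; the breached corpus, the password samples and the 12-character minimum are constructed assumptions, and the live endpoint is replaced by an offline lookup so the script runs without network access.

```python
import hashlib
from typing import Callable

MIN_LENGTH = 12  # assumed baseline; adjust to your own policy

# Constructed stand-in for a breached-password corpus (not real breach data).
# A live deployment would query https://api.pwnedpasswords.com/range/<prefix>,
# which returns one "<35-hex-char suffix>:<count>" line per breached hash that
# shares the 5-character SHA-1 prefix. The same response shape is built here
# from a few sample passwords so the example runs offline.
_SAMPLE_BREACHED = {
    "password": 3_861_493,
    "correcthorsebattery": 2_700,
    "Summer2024!": 120,
}


def sha1_hex_upper(pw: str) -> str:
    # SHA-1 is used here only as the lookup key the range API expects;
    # it is not a password-storage hash.
    return hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()


def offline_range_lookup(prefix: str) -> str:
    """Return a range response for `prefix` in the same line format as the API."""
    lines = []
    for pw, count in _SAMPLE_BREACHED.items():
        digest = sha1_hex_upper(pw)
        if digest[:5] == prefix:
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)


def breach_count(pw: str, range_lookup: Callable[[str], str]) -> int:
    """k-anonymity check: only the 5-char prefix is sent; the suffix is matched locally."""
    digest = sha1_hex_upper(pw)
    prefix, suffix = digest[:5], digest[5:]
    for line in range_lookup(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate == suffix:
            return int(count)
    return 0


def evaluate_password(
    pw: str, range_lookup: Callable[[str], str] = offline_range_lookup
) -> tuple[bool, str]:
    """Apply the policy: a length floor plus breached-list screening, no composition rules."""
    if len(pw) < MIN_LENGTH:
        return False, f"rejected: shorter than {MIN_LENGTH} characters"
    hits = breach_count(pw, range_lookup)
    if hits:
        return False, f"rejected: found in known breaches ({hits} occurrences)"
    return True, "accepted"


if __name__ == "__main__":
    for candidate in ("Summer2024!", "correcthorsebattery", "ember-kettle-37-harbour"):
        print(candidate, "->", evaluate_password(candidate))
```

To go live, replace `offline_range_lookup` with a function that fetches `https://api.pwnedpasswords.com/range/<prefix>` over HTTPS and returns the response body; the matching logic stays the same.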
Endpoint & Network Security
- Keep operating systems, applications and firmware patched and up to date.
- Install endpoint protection/EDR on all devices and enable real‑time monitoring.
- Configure firewalls and VPNs to deny inbound traffic by default and allow only the ports and sources each service needs; restrict outbound traffic as well, so a compromised host cannot freely reach attacker infrastructure.
Email & Web Protection
- Deploy email filtering to block spam, phishing and malware, and publish anti‑spoofing records for every domain you send from (SPF, DKIM and a DMARC policy of quarantine or reject once monitoring reports are clean); make sure inbound filtering enforces these checks on mail you receive.
- Educate employees on phishing red flags and implement regular awareness training.
- Use DNS filtering to prevent access to malicious websites.
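A quick way to verify the SPF, DKIM and DMARC item above is to pull the three TXT records for a domain and flag the weak settings that are easy to miss: an SPF record ending in `+all` or `?all`, more than ten DNS-querying SPF terms, a DMARC policy still at `p=none` or with no `rua=` reporting address, and a DKIM selector whose public key has been emptied. The checker below is an added example for this checklist, not code from the original page; the domains, selector name and TXT records are constructed, and the DNS resolver is replaced by a dictionary so it runs offline.

```python
import re

# Constructed TXT records for two hypothetical domains (not real DNS data).
# A live check would fetch these with a resolver (for example dnspython's
# dns.resolver.resolve(name, "TXT")); the lookup is a dict here so the
# example runs offline.
SAMPLE_TXT = {
    "example.com": ["v=spf1 include:_spf.example.net mx -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=s"],
    "sel1._domainkey.example.com": ["v=DKIM1; k=rsa; p=PLACEHOLDER_BASE64_PUBLIC_KEY"],
    "weak.example": ["v=spf1 a mx +all"],
    "_dmarc.weak.example": ["v=DMARC1; p=none"],
    "sel1._domainkey.weak.example": ["v=DKIM1; k=rsa; p="],
}

# SPF terms that cost a DNS query; RFC 7208 allows at most 10 per evaluation.
_LOOKUP_MECH = re.compile(r"^[+\-~?]?(include|a|mx|ptr|exists|redirect)(?:[:=/].*)?$", re.I)


def lookup_txt(name, records=SAMPLE_TXT):
    return records.get(name.lower(), [])


def parse_tags(record):
    """Parse 'k=v; k=v' tag lists as used by DMARC and DKIM records."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(domain, records=SAMPLE_TXT):
    spf = [r for r in lookup_txt(domain, records) if r.lower().startswith("v=spf1")]
    if not spf:
        return ["SPF: no record; receivers cannot tell forged mail from yours"]
    if len(spf) > 1:
        return ["SPF: multiple records; RFC 7208 requires exactly one (treated as permerror)"]
    findings = []
    terms = spf[0].split()[1:]
    all_terms = [t for t in terms if t.lstrip("+-~?").lower() == "all"]
    if not all_terms:
        findings.append("SPF: no 'all' term; unlisted senders get a neutral result")
    else:
        qualifier = all_terms[-1][0] if all_terms[-1][0] in "+-~?" else "+"
        if qualifier == "+":
            findings.append("SPF: '+all' authorises every sender; use '-all' (or '~all')")
        elif qualifier == "?":
            findings.append("SPF: '?all' is neutral; use '-all' (or '~all')")
    lookups = sum(1 for t in terms if _LOOKUP_MECH.match(t))
    if lookups > 10:
        findings.append(f"SPF: {lookups} DNS-querying terms exceed the limit of 10 (permerror)")
    return findings


def check_dmarc(domain, records=SAMPLE_TXT):
    recs = [r for r in lookup_txt(f"_dmarc.{domain}", records)
            if r.strip().lower().startswith("v=dmarc1")]
    if not recs:
        return [f"DMARC: no record at _dmarc.{domain}"]
    tags = parse_tags(recs[0])
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC: missing or invalid p= tag; receivers ignore the record")
    elif policy == "none":
        findings.append("DMARC: p=none only reports; move to quarantine/reject once reports are clean")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address; you will not receive aggregate reports")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"DMARC: pct={pct} leaves part of the mail flow unenforced")
    return findings


def check_dkim(domain, selector, records=SAMPLE_TXT):
    recs = lookup_txt(f"{selector}._domainkey.{domain}", records)
    if not recs:
        return [f"DKIM: no key published for selector '{selector}'"]
    if not parse_tags(recs[0]).get("p"):
        return [f"DKIM: selector '{selector}' has an empty p= (key revoked); sign with a live selector"]
    return []


def audit(domain, selector="sel1", records=SAMPLE_TXT):
    """Run all three checks; an empty list means nothing obviously weak was found."""
    return check_spf(domain, records) + check_dkim(domain, selector, records) + check_dmarc(domain, records)


if __name__ == "__main__":
    for d in ("example.com", "weak.example"):
        print(d, audit(d) or ["no findings"])
```

The selector name has to be known in advance (it appears in the `s=` tag of outgoing DKIM-Signature headers); everything else is discoverable from DNS alone, which is exactly what a spoofer sees.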
Data Protection & Backup
- Encrypt sensitive data at rest (on servers, laptops and portable drives) and in transit (VPN, TLS).
- Follow the 3‑2‑1 backup rule: keep at least three copies of your data, on two different media, with one copy off‑site. Make sure at least one copy is offline or immutable (not reachable with the credentials of the systems it protects), so ransomware that encrypts the live data cannot also encrypt the backup.
- Test backup restores regularly: restore to a scratch system, compare the restored files against known checksums, and note how long a full restore takes, so you know the backups work and how long recovery will take before you need them.
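A restore test is only meaningful if it compares what came back against what went in. The script below, an added example written for this checklist and not code from the original page, creates a backup archive together with a SHA‑256 manifest, restores the archive into a scratch directory, and reports any file that is missing, altered or unexpected; it then shows the check catching a backup whose contents silently drifted from the manifest. The file tree, archive format (gzip tar) and file contents are constructed for the example.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src: Path, archive: Path) -> dict[str, str]:
    """Write a gzip tarball of `src` and return a {relative_path: sha256} manifest."""
    manifest: dict[str, str] = {}
    with tarfile.open(archive, "w:gz") as tar:
        for f in sorted(src.rglob("*")):
            if f.is_file():
                rel = f.relative_to(src).as_posix()
                manifest[rel] = sha256_file(f)
                tar.add(f, arcname=rel)
    return manifest


def _safe_members(tar: tarfile.TarFile):
    # Refuse absolute paths, ".." components and links so a tampered archive
    # cannot write outside the restore directory during the test.
    for m in tar.getmembers():
        if m.name.startswith(("/", "\\")) or ".." in Path(m.name).parts or m.issym() or m.islnk():
            raise ValueError(f"unsafe archive member: {m.name}")
        yield m


def verify_restore(archive: Path, manifest: dict[str, str]) -> list[str]:
    """Restore into a scratch directory and compare every file against the manifest."""
    problems: list[str] = []
    with tempfile.TemporaryDirectory() as scratch:
        dest = Path(scratch)
        try:
            with tarfile.open(archive, "r:gz") as tar:
                tar.extractall(dest, members=list(_safe_members(tar)))
        except (ValueError, tarfile.TarError) as exc:
            return [f"restore failed: {exc}"]
        for rel, expected in manifest.items():
            restored = dest / rel
            if not restored.is_file():
                problems.append(f"missing: {rel}")
            elif sha256_file(restored) != expected:
                problems.append(f"hash mismatch: {rel}")
        restored_files = {p.relative_to(dest).as_posix() for p in dest.rglob("*") if p.is_file()}
        for extra in sorted(restored_files - manifest.keys()):
            problems.append(f"unexpected file: {extra}")
    return problems


def run_demo() -> tuple[list[str], list[str]]:
    """Back up a constructed tree, verify it, then show the check catching drift."""
    with tempfile.TemporaryDirectory() as work:
        root = Path(work)
        src = root / "data"
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_text("date,amount\n2024-01-02,120.00\n")
        (src / "notes.txt").write_text("quarterly review\n")
        archive = root / "backup.tar.gz"
        manifest = make_backup(src, archive)
        clean = verify_restore(archive, manifest)
        # Simulate silent corruption: a source file changes and the archive is
        # rebuilt, but the manifest on record is the old one, so the restore
        # test flags the mismatch instead of reporting success.
        (src / "finance" / "ledger.csv").write_text("date,amount\n2024-01-02,999.00\n")
        make_backup(src, archive)
        tampered = verify_restore(archive, manifest)
        return clean, tampered


if __name__ == "__main__":
    clean, tampered = run_demo()
    print("clean backup:", clean or "all files verified")
    print("drifted backup:", tampered)
```

Store the manifest separately from the archive (for example with the off‑site copy's catalogue); a manifest that travels inside the archive it describes will vouch for whatever corruption the archive suffered.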
Policies & Incident Response
- Document acceptable use, BYOD and incident response policies and communicate them to staff.
- Establish a reporting process for security incidents and suspicious emails.
- Review and update policies at least annually or after major changes.
Use this checklist as a starting point and add additional controls tailored to your industry and risk profile.