Small Business Cyber Security Checklist

Use this Small Business Cyber Security Checklist to secure accounts, protect your devices and information, and train your staff on IT security.

Activate Group Policy Lockout

1. Is the setting that locks out accounts after a certain number of failed attempts within a given period activated?

Two-factor Authentication (2FA)

1. Are you protecting your email account with 2FA, and does your email provider, such as Office 365 or Gmail, support this?


2. Have you audited your online accounts and enabled 2FA for any that support it?

Review/Replace Vulnerable Legacy Software And Hardware

1. Have you reviewed older software and hardware components connected to your network and downloaded necessary security patches and updates?


2. Have you replaced any components that are no longer supported by the manufacturer?

Activate Windows 10 BitLocker

1. Have you turned on Windows 10 BitLocker, which requires an admin account?


2. Are your BitLocker Recovery Keys backed up?

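The two BitLocker questions above can be answered from an elevated PowerShell session. The script below is an added example, not part of the GoAudits checklist: it lists every fixed volume, warns about volumes that are not protected or that have no recovery-password protector, and previews escrowing the recovery passwords (the `-WhatIf` switch shows what would happen without changing anything). It assumes the BitLocker module that ships with Windows 10; the choice between Active Directory and Entra ID escrow depends on how your devices are joined.

```powershell
# Added example (not part of the GoAudits checklist): audit BitLocker on the local machine
# and report which volumes lack a recovery-password protector to back up.
# Requires an elevated (administrator) session and the built-in BitLocker module.
#Requires -RunAsAdministrator
Import-Module BitLocker

# One row per volume: protection state, encryption progress and the protector types present.
$report = Get-BitLockerVolume | ForEach-Object {
    $recovery = $_.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    [pscustomobject]@{
        Volume           = $_.MountPoint
        Protection       = $_.ProtectionStatus      # On / Off
        VolumeStatus     = $_.VolumeStatus          # FullyEncrypted, EncryptionInProgress, FullyDecrypted
        PercentEncrypted = $_.EncryptionPercentage
        Protectors       = ($_.KeyProtector.KeyProtectorType -join ', ')
        RecoveryKeyIds   = ($recovery.KeyProtectorId -join ', ')
    }
}
$report | Format-Table -AutoSize

# Checklist item 1: a volume whose protection is not "On" is not actually protected,
# even if it shows as encrypted (protection can be suspended).
$report | Where-Object { $_.Protection -ne 'On' } |
    ForEach-Object { Write-Warning "Volume $($_.Volume) is not protected by BitLocker." }

# Checklist item 2: with no RecoveryPassword protector there is no recovery key to back up,
# so a failed TPM or forgotten PIN means the data is gone.
$report | Where-Object { -not $_.RecoveryKeyIds } |
    ForEach-Object { Write-Warning "Volume $($_.Volume) has no recovery password protector." }

# Escrow the recovery password(s) so they survive loss of the device. Use ONE of:
#   Active Directory domain-joined:  Backup-BitLockerKeyProtector
#   Entra ID (Azure AD) joined:      BackupToAAD-BitLockerKeyProtector
# -WhatIf previews the action; remove it to perform the backup.
foreach ($vol in Get-BitLockerVolume) {
    foreach ($kp in ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
        Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $kp.KeyProtectorId -WhatIf
        # BackupToAAD-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $kp.KeyProtectorId -WhatIf
    }
}
```

If the device is neither domain- nor Entra-joined, print or save the output of `(Get-BitLockerVolume).KeyProtector` for the RecoveryPassword entries and store it somewhere separate from the device, because the recovery password is the only way back in once the TPM or PIN fails.
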
Data Backup

1. Is your backup an automatic process? 


2. Have you performed a restore recently? 


3. Is the backup data encrypted? 


4. Does your backup copy data off-site every day? 


5. Is the off-site copy made automatically, have you verified that it is working, and is that copy encrypted as well?

Install Business-Grade Endpoint Security Software

1. If you haven’t already, have you installed a business-grade endpoint security product, not just an antivirus program, to protect all your systems?


2. In addition to the endpoint security software installed on your network, is corresponding software installed and regularly updated on each remote device?

Conduct Security Awareness Training And Testing

1. Do you schedule regular security training for managers and employees, and ensure that new hires receive training beyond their initial onboarding?


2. Do you test the training, for example, by using a program like KnowBe4’s simulated phishing program?

Establish And Enforce Password Policy

1. Have you reviewed your network users’ passwords, and reset any that are weak or short?


2. Are you using your operating system’s password enforcement settings to prevent users from creating weak passwords?


3. Do you require passwords to be reset periodically — but not too often — such as on an annual basis, to prevent users from creating passwords that are too similar or storing them insecurely?

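The lockout question at the top of the checklist and the password-policy questions in this section both come down to the same handful of settings, so one script can answer both. The script below is an added example, not part of the GoAudits checklist: it reads the default domain policy when the ActiveDirectory module (RSAT) is present and otherwise parses the local policy from `net accounts`, then warns about anything below a baseline. The baseline values in `$Want` are assumptions for a small business, not figures from the checklist, and the `net accounts` label names are those of an English-language Windows install.

```powershell
# Added example (not part of the GoAudits checklist): check account-lockout and password
# policy against an assumed baseline. Adjust $Want to your own policy.
$Want = @{
    LockoutThreshold = 10   # failed attempts before lockout (0 / "Never" = lockout disabled)
    LockoutMinutes   = 15
    MinPasswordLen   = 12
    MaxAgeDays       = 365  # the checklist suggests an annual reset, not more often
}

if (Get-Module -ListAvailable ActiveDirectory) {
    # Domain-joined: the effective default domain policy.
    $p = Get-ADDefaultDomainPasswordPolicy
    $policy = [pscustomobject]@{
        Source           = 'Default Domain Policy'
        LockoutThreshold = $p.LockoutThreshold
        LockoutMinutes   = $p.LockoutDuration.TotalMinutes
        MinPasswordLen   = $p.MinPasswordLength
        # A zero maximum age means "never expires"; treat it as unlimited.
        MaxAgeDays       = if ($p.MaxPasswordAge.TotalDays -le 0) { [int]::MaxValue } else { $p.MaxPasswordAge.TotalDays }
        Complexity       = $p.ComplexityEnabled
    }
} else {
    # Stand-alone machine: 'net accounts' prints "Label:   value" lines (English labels assumed).
    $raw = @{}
    net accounts | ForEach-Object {
        if ($_ -match '^(?<k>[^:]+?):\s+(?<v>.+?)\s*$') { $raw[$Matches.k.Trim()] = $Matches.v.Trim() }
    }
    $policy = [pscustomobject]@{
        Source           = 'Local security policy'
        LockoutThreshold = if ($raw['Lockout threshold'] -eq 'Never') { 0 } else { [int]$raw['Lockout threshold'] }
        LockoutMinutes   = [int]$raw['Lockout duration (minutes)']
        MinPasswordLen   = [int]$raw['Minimum password length']
        MaxAgeDays       = if ($raw['Maximum password age (days)'] -eq 'Unlimited') { [int]::MaxValue } else { [int]$raw['Maximum password age (days)'] }
        Complexity       = $null   # not shown by 'net accounts'; use "secedit /export" to see PasswordComplexity
    }
}

$policy | Format-List

# Compare each setting with the baseline and collect findings.
$findings = @()
if ($policy.LockoutThreshold -eq 0) {
    $findings += 'Account lockout is disabled (threshold 0 / Never): brute-force attempts are never blocked.'
} elseif ($policy.LockoutThreshold -gt $Want.LockoutThreshold) {
    $findings += "Lockout threshold $($policy.LockoutThreshold) is higher than the baseline $($Want.LockoutThreshold)."
}
if ($policy.LockoutMinutes -lt $Want.LockoutMinutes) { $findings += "Lockout duration $($policy.LockoutMinutes) min is shorter than $($Want.LockoutMinutes) min." }
if ($policy.MinPasswordLen -lt $Want.MinPasswordLen) { $findings += "Minimum password length $($policy.MinPasswordLen) is below $($Want.MinPasswordLen)." }
if ($policy.MaxAgeDays -gt $Want.MaxAgeDays)         { $findings += 'Passwords never expire, or expire less often than the baseline.' }
if ($policy.Complexity -eq $false)                   { $findings += 'Password complexity is not enforced.' }

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else           { "Lockout and password policy on '$($policy.Source)' meet the assumed baseline." }
```

Run it once per domain (or per stand-alone machine) and keep the output with your audit notes; a fine-grained password policy applied to specific groups can override the default domain policy, so check `Get-ADFineGrainedPasswordPolicy -Filter *` as well if you use one.
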
Scan Network Firewall And Update Security Subscriptions

1. Have you checked the firewall rules that allow traffic such as Remote Desktop Protocol (RDP) to particular servers or internal computers, or non-secure (unencrypted) traffic to internal web servers or phone systems?


2. Do you update your security subscriptions regularly to help inspect traffic going in and out and block malicious activities?

Review User Accounts And Security Groups

1. Are all user accounts checked and disabled if they are no longer active?


2. Have you reviewed your “security groups” — groups of users with the same permissions and access to network resources — and made any necessary changes?

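Both questions in this section can be turned into a repeatable report. The script below is an added example, not part of the GoAudits checklist: on a domain it lists enabled accounts with no sign-in inside a window, previews disabling them, and prints the membership of the groups that grant broad access; on a stand-alone machine it lists local accounts and the local Administrators group. The 90-day window and the group names are assumptions to adjust; the domain part needs the ActiveDirectory module (RSAT).

```powershell
# Added example (not part of the GoAudits checklist): find stale accounts and review the
# membership of high-privilege groups. $InactiveDays and $SensitiveGroups are assumptions.
$InactiveDays    = 90
$SensitiveGroups = 'Domain Admins', 'Enterprise Admins', 'Administrators', 'Remote Desktop Users'

if (Get-Module -ListAvailable ActiveDirectory) {
    Import-Module ActiveDirectory

    # Checklist item 1: enabled user accounts with no logon inside the window.
    $stale = Search-ADAccount -AccountInactive -TimeSpan ([timespan]::FromDays($InactiveDays)) -UsersOnly |
        Where-Object Enabled |
        Get-ADUser -Properties LastLogonDate, Description |
        Select-Object SamAccountName, LastLogonDate, Description

    "== Enabled accounts with no logon in $InactiveDays days =="
    $stale | Format-Table -AutoSize

    # Disable rather than delete: a disabled account keeps its SID, group memberships and
    # file ownership, so a wrong call is reversible. -WhatIf previews; remove it to apply.
    $stale | Disable-ADAccount -WhatIf

    # Checklist item 2: who is in the groups that grant wide access? -Recursive expands
    # nested groups, which is where forgotten memberships usually hide.
    foreach ($g in $SensitiveGroups) {
        $members = Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue
        if ($members) {
            "== $g ($($members.Count) members) =="
            $members | Select-Object SamAccountName, objectClass | Format-Table -AutoSize
        }
    }
} else {
    # Stand-alone machine: local accounts and the local Administrators group.
    "== Enabled local accounts =="
    Get-LocalUser | Where-Object Enabled |
        Select-Object Name, LastLogon, PasswordRequired |
        Format-Table -AutoSize
    "== Local Administrators =="
    Get-LocalGroupMember -Group 'Administrators' | Format-Table -AutoSize
}
```

Service accounts and shared mailboxes often show no interactive logon and will appear in the stale list; the `Description` column is there so you can recognise them before disabling anything.
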
Run Domain Name System (DNS) Lookup

1. Have you run a DNS lookup and confirmed that you have an SPF record to guard against spam and phishing emails that use “spoofing,” which misleads the email recipient about where the email came from?

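The DNS lookup in this section can be done with the `Resolve-DnsName` cmdlet built into Windows. The function below is an added example, not part of the GoAudits checklist: it fetches the TXT records for a domain, picks out the SPF record, and reports the points a reviewer should notice, namely whether a record exists at all, whether there is more than one (receivers treat that as a permanent error), what the final `all` term does, and how many DNS-lookup mechanisms the record uses, since RFC 7208 limits those to 10. The domain `example.com` is a placeholder for your own sending domain.

```powershell
# Added example (not part of the GoAudits checklist): look up and sanity-check a domain's
# SPF record. 'example.com' is a placeholder; use your own sending domain.
function Test-SpfRecord {
    param([Parameter(Mandatory)][string]$Domain)

    $txt = Resolve-DnsName -Name $Domain -Type TXT -ErrorAction Stop
    # A long TXT record may be split into several strings; join them before matching.
    $spf = $txt | ForEach-Object { -join $_.Strings } | Where-Object { $_ -match '^v=spf1(\s|$)' }

    if (-not $spf) {
        return [pscustomobject]@{ Domain = $Domain; Status = 'FAIL'; Detail = 'No SPF record found.' }
    }
    if ($spf.Count -gt 1) {
        return [pscustomobject]@{ Domain = $Domain; Status = 'FAIL'; Detail = 'More than one SPF record: receivers treat this as a permanent error.' }
    }

    $terms = $spf -split '\s+' | Select-Object -Skip 1          # drop the "v=spf1" prefix
    $all   = $terms | Where-Object { $_ -match '^[-~?+]?all$' } | Select-Object -Last 1

    # Mechanisms that cost the receiver a DNS lookup; RFC 7208 caps them at 10 per evaluation.
    $lookups = ($terms |
        ForEach-Object { $_ -replace '^[-~?+]', '' } |
        Where-Object  { $_ -match '^(include:|a$|a:|mx$|mx:|exists:|redirect=|ptr)' }).Count

    $status = switch -Regex ("$all") {
        '^-all'  { 'PASS' }
        '^~all'  { 'WARN' }   # softfail: spoofed mail is marked, not rejected
        '^\?all' { 'WARN' }   # neutral: SPF gives receivers no signal either way
        '^\+all' { 'FAIL' }   # every sender is authorised, which defeats the purpose
        default  { 'WARN' }   # no "all" term: unmatched senders default to neutral
    }
    if ($lookups -gt 10) { $status = 'FAIL' }

    [pscustomobject]@{
        Domain  = $Domain
        Status  = $status
        Record  = $spf
        AllTerm = $all
        Lookups = $lookups
        Detail  = "all term = '$all'; DNS-lookup mechanisms = $lookups (limit 10)"
    }
}

Test-SpfRecord -Domain 'example.com' | Format-List
```

SPF on its own only covers the envelope sender; if the domain also publishes DKIM and a DMARC policy (`_dmarc.<domain>` TXT record), the same function pattern with `-Name "_dmarc.$Domain"` will show whether receivers are told to quarantine or reject mail that fails both checks.
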


Checklist by GoAudits.com – Please note that this checklist is intended as an example. We do not guarantee compliance with the laws applicable to your territory or industry. You should seek professional advice to determine how this checklist should be adapted to your workplace or jurisdiction.