Small Business Cybersecurity Checklist

If you run a 5-20 person business in Northern Colorado, this checklist covers the cybersecurity basics you should probably be doing. No paranoia, no selling you expensive security suites—just sensible stuff that actually helps.

Passwords & Authentication

  • Require strong passwords for all work accounts (12+ characters, a mix of character types)
  • Use a password manager like Bitwarden, 1Password, or LastPass to store passwords securely
  • Enable two-factor authentication (2FA) on all critical accounts (email, banking, cloud storage)
  • Don't share passwords between employees—each person gets their own account
  • Change passwords immediately when an employee leaves

Backups

  • Back up critical data daily (client files, financial records, databases)
  • Keep one backup offsite (cloud storage or external drive at a different location)
  • Test your backups quarterly to make sure you can actually restore them
  • Encrypt backup data so thieves can't read it if they steal your backup drive

Wi-Fi & Network Security

  • Change the default admin password on your router
  • Use WPA3 or WPA2 encryption on your Wi-Fi (not WEP or "open")
  • Create a guest Wi-Fi network for visitors (separate from your work network)
  • Hide sensitive network shares from unauthorized employees
  • Consider a business firewall if you handle sensitive customer data

Phishing & Email Security

  • Train employees to spot phishing emails (unexpected links, urgent language, misspellings)
  • Enable spam filtering on your email system
  • Never open attachments from unknown senders
  • Verify unusual requests by calling the person directly (not replying to the email)

Software Updates & Patching

  • Enable automatic Windows updates on all work computers
  • Keep browsers updated (Chrome, Edge, Firefox auto-update by default)
  • Update business software monthly (QuickBooks, Adobe, Office, etc.)
  • Replace old computers running unsupported operating systems (like Windows 7)

Device Management

  • Require login passwords on all work computers and phones
  • Enable device encryption (BitLocker on Windows, FileVault on Mac)
  • Lock screens after 10 minutes of inactivity
  • Install antivirus software and keep it updated (Windows Defender is fine for most businesses)
  • Wipe devices before disposing of or selling them

What If This Feels Overwhelming?

If you looked at this checklist and thought "I have no idea how to do half of these," that's totally normal. Most small business owners aren't IT people, and that's fine.

You have a few options:

  • Tackle it gradually. Pick three items to fix this month, then three more next month.
  • Get help from managed IT. This is exactly the kind of stuff I handle for managed clients so they don't have to worry about it.
  • Call me for a one-time security audit. I'll walk through your setup, tell you what's actually risky (vs what's just paranoia), and help you prioritize.

Need Help with Cybersecurity?

I can walk through your setup, help you prioritize what actually matters, and get you set up properly. No scare tactics, just practical advice.

Text Me: (970) 305-5125