The small-business cybersecurity checklist — no jargon, no sales call.
A fillable baseline across the eight areas that actually matter for a small business. Score each item, add up your maturity, and see exactly what to fix first. Most of it is free or already in tools you pay for.
What's inside
Eight areas. Every control that earns its place.
Work down the list, mark each item Done / Partial / Not yet, and the priorities sort themselves. Redo it every quarter to watch your posture improve.
- 1Identity & access (MFA, accounts, offboarding)
- 2Devices & endpoints (EDR, patching, encryption)
- 3Email & phishing (filtering, DMARC, training)
- 4Data & backup (3-2-1, tested restores)
- 5Network & remote access
- 6Cloud (Microsoft 365 / Google Workspace)
- 7Monitoring & incident response
- 8People & governance (training, vendors, insurance)
- 9Maturity score & priority next steps
The checklist is a printable web document. Use your browser's Print → Save as PDF to keep an offline copy.
Why this matters
Most breaches exploit the basics. This is the basics.
You can't fix what you haven't listed
Most SMBs do some of the right things and miss a few that matter a lot. Seeing the whole baseline in one place is how the gaps become obvious.
The 80/20 of real protection
Not a 200-control enterprise framework — the baseline that stops the attacks that actually hit small businesses. Most of it is free or already in your subscriptions.
Proof for insurers, clients & yourself
A completed, dated checklist is evidence for a cyber-insurance renewal, a customer security questionnaire, or your own peace of mind that nothing obvious is open.
Want us to score it with you?
Book a free 30-minute assessment and we'll walk the checklist against your environment, then hand you a one-page roadmap of what to fix first — even if you never work with us.
