IT-Bros

No fluff—quick guides you can actually use.

Small-Biz Cyber Baseline

A practical checklist for small businesses. If you do just these basics, you will close the paths behind most common breaches (phishing, ransomware, account takeover) and shorten downtime when something does get through.

What this baseline covers

The “must-have” controls every business should implement, regardless of size. This is the foundation before you spend money on anything fancy.

Covers: Account Protection • Ransomware Readiness • Email & Phishing Defense • Recovery & Backups

How to use it

Treat this as a checklist. If you don’t know whether something is in place, that usually means it isn’t. Start with the items marked “non-negotiable.”

Print it. Assign an owner. Review quarterly. Test backups.

1) Accounts & Access (Non-Negotiable)

Goal: stop account takeover and “one click” breaches.
Turn on Multi-Factor Authentication (MFA) for all users Email, Microsoft 365, admin portals, VPN, remote access—everything. A stolen or reused password is how most account takeovers start, and MFA stops the bulk of them. Prefer an authenticator app or a security key/passkey over SMS codes, and turn off legacy authentication (IMAP/POP/SMTP basic auth) so a password alone cannot bypass MFA.
Use a password manager + unique passwords One password reused across systems is all an attacker needs. Password managers make strong passwords easy.
Limit administrator accounts Admins should have a separate admin login, used only when necessary. No daily browsing/email on admin accounts.
Remove access for terminated employees immediately Disable the account the same day, sign out active sessions and revoke app tokens, and change any shared passwords the person knew. Review shared mailbox and file access afterward.

2) Backups & Recovery (Ransomware Survival)

Goal: if ransomware hits, you can restore fast.
Follow the 3-2-1 backup rule 3 copies of your data, on 2 different kinds of storage, with 1 copy off-site. At least one copy should be immutable or offline so ransomware on your network cannot reach it.
Test restores monthly Backups aren’t real until you’ve restored a file and confirmed it works.
Protect backups from deletion Use immutable or offline storage, a backup account with its own credentials (not a domain admin), and MFA on the backup console. Attackers routinely delete or encrypt backups before they trigger ransomware.
Define recovery targets Know how long you can be down (RTO) and how much data you can afford to lose (RPO). Build your backup frequency and storage around those two numbers; a nightly backup means up to a day of lost work.
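Here is a scripted version of the monthly restore test, added as an example and not IT-Bros' own tooling. It backs up a small constructed folder, restores it to a separate location, and compares SHA-256 hashes of every file, so a missing or silently corrupted file fails the test now instead of being discovered during a real outage. The folder contents, paths and file names are made up for the example; point make_backup and restore at your real data and backup target to turn it into the monthly job.

```python
"""Scripted restore test: back up a folder, restore it elsewhere, and prove every
file came back byte-for-byte. Added example, not IT-Bros tooling; the files it
creates are constructed test data in a throwaway directory.
"""
import hashlib
import tarfile
import tempfile
from pathlib import Path


def fingerprint(root):
    """Map relative path -> SHA-256 of every regular file under root."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def make_backup(src, archive):
    """Write a gzip tarball of src and return the fingerprint taken at backup time."""
    src = Path(src)
    with tarfile.open(archive, "w:gz") as tar:
        for p in sorted(src.rglob("*")):
            if p.is_file():
                tar.add(p, arcname=p.relative_to(src).as_posix())
    return fingerprint(src)


def restore(archive, dest):
    """Extract into dest, refusing entries that would escape it (the 'data' filter)."""
    with tarfile.open(archive, "r:gz") as tar:
        try:
            tar.extractall(dest, filter="data")
        except TypeError:  # Python without the filter= argument (before the 3.12-era backports)
            tar.extractall(dest)


def verify_restore(expected, dest):
    """Compare the restored tree against the fingerprint taken at backup time."""
    actual = fingerprint(dest)
    missing = sorted(p for p in expected if p not in actual)
    corrupt = sorted(p for p in expected if p in actual and actual[p] != expected[p])
    return missing, corrupt


def run_restore_test(tamper=False):
    """Full cycle in a temp dir. tamper=True alters one restored file to show the
    check catching damage (a bad disk, a partial restore, a ransomware-touched file)."""
    with tempfile.TemporaryDirectory() as work:
        live, archive, restored = Path(work, "live"), Path(work, "backup.tgz"), Path(work, "restore")
        (live / "docs").mkdir(parents=True)  # constructed sample data, not real files
        (live / "docs" / "invoice.txt").write_text("Invoice 1001: 4200.00\n")
        (live / "docs" / "contract.txt").write_text("Signed 2024-06-01\n")
        (live / "config.ini").write_text("[app]\nmode=prod\n")

        expected = make_backup(live, archive)
        restored.mkdir()
        restore(archive, restored)
        if tamper:
            (restored / "docs" / "invoice.txt").write_text("Invoice 1001: 0.00\n")

        missing, corrupt = verify_restore(expected, restored)
        return {"files": len(expected), "missing": missing, "corrupt": corrupt,
                "ok": not missing and not corrupt}


if __name__ == "__main__":
    result = run_restore_test()
    print("RESTORE OK" if result["ok"] else f"RESTORE FAILED: {result}")
```

For the real monthly run, restore from the off-site or immutable copy rather than the local one, and note how long the restore took: that number is your actual RTO, whatever the plan says.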

3) Updates & Patch Management

Goal: close common “known vulnerability” holes.
Enable automatic OS updates Windows/macOS updates should be enforced. Patch delays are a top cause of breaches.
Patch third-party apps Browsers, Java, Adobe, Zoom, Chrome/Edge extensions—keep them current.
Firmware updates for firewalls, switches, and WiFi Network gear needs maintenance too—especially firewalls.

4) Email & Phishing Defense

Goal: reduce phishing clicks and spoofing.
Enable email filtering + safe link protection Block known malicious senders and scan links/attachments before users open them.
Set up SPF, DKIM, and DMARC Together these let receiving mail servers tell real mail from your domain apart from forgeries, and they improve deliverability. Start DMARC at p=none to collect reports, fix any legitimate mail that fails, then move to p=quarantine and finally p=reject; until you enforce, spoofed mail is only flagged, not blocked. These records do nothing against lookalike domains, which is what filtering and training are for.
Train employees (short, consistent) 5–10 minutes monthly beats one long annual training. Teach them to report suspicious emails.
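A small linter for the three records in this section, added as an example and not IT-Bros tooling. It reads constructed TXT records for a fictional example.com in a weak state and a hardened state and reports the settings that still let forgeries through: a missing or permissive SPF all term, too many SPF lookups, an empty or testing-mode DKIM key, and a DMARC policy that monitors instead of enforcing. The DKIM key value is a placeholder, not a real key, and the dig commands in the docstring are how you would fetch your own records.

```python
"""Lint SPF, DKIM and DMARC TXT records for settings that leave a domain spoofable.
Added example, not IT-Bros tooling. Records are constructed for a fictional
example.com (the DKIM key is a placeholder); fetch real ones with
dig +short TXT example.com / selector1._domainkey.example.com / _dmarc.example.com
"""
import re

WEAK_RECORDS = {  # constructed: a typical "set up once, never enforced" state
    "example.com": "v=spf1 include:spf.protection.outlook.com ~all",
    "selector1._domainkey.example.com": "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCplaceholder",
    "_dmarc.example.com": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
}
HARDENED_RECORDS = {  # constructed: the target state
    "example.com": "v=spf1 include:spf.protection.outlook.com -all",
    "selector1._domainkey.example.com": "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCplaceholder",
    "_dmarc.example.com": "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@example.com",
}
SPF_LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # each costs a DNS lookup


def _tags(record):
    """'v=DMARC1; p=none; rua=x' -> {'v': 'DMARC1', 'p': 'none', 'rua': 'x'}."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def lint_spf(record):
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (must start with v=spf1)"]
    issues, all_qualifier, lookups = [], None, 0
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        name = re.split(r"[:/=]", term.lstrip("+-~?").lower(), maxsplit=1)[0]
        if name == "all":
            all_qualifier = qualifier
        elif name in SPF_LOOKUP_MECHS:
            lookups += 1
    if all_qualifier is None:
        issues.append("no 'all' term: unlisted senders are neutral, forgeries are not rejected")
    elif all_qualifier == "+":
        issues.append("+all authorises every host on the internet to send as you")
    elif all_qualifier == "?":
        issues.append("?all is neutral: forged mail passes SPF")
    elif all_qualifier == "~":
        issues.append("~all is softfail: fine once DMARC is at p=reject, otherwise use -all")
    if lookups > 10:
        issues.append(f"{lookups} lookup mechanisms; RFC 7208 allows 10 in total (permerror)")
    return issues


def lint_dkim(record):
    tags = _tags(record)
    issues = []
    if not tags.get("p"):
        issues.append("empty p=: key revoked, every signature with this selector fails")
    if tags.get("t", "").lower() == "y":
        issues.append("t=y testing flag still set: verifiers treat this like unsigned mail")
    return issues


def lint_dmarc(record):
    tags = _tags(record)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (must start with v=DMARC1)"]
    issues, policy = [], tags.get("p")
    if policy is None:
        issues.append("missing p= tag: the record is invalid and ignored")
    elif policy == "none":
        issues.append("p=none only monitors: receivers still deliver forged mail")
    elif policy == "quarantine":
        issues.append("p=quarantine: move to p=reject once reports show no legitimate failures")
    if tags.get("sp") == "none" and policy not in (None, "none"):
        issues.append("sp=none leaves subdomains unprotected")
    if int(tags.get("pct", "100")) < 100:
        issues.append(f"pct={tags['pct']}: policy applies to only that share of failing mail")
    if "rua" not in tags:
        issues.append("no rua= address: no aggregate reports, so abuse stays invisible")
    return issues


def lint_records(records):
    """Route each DNS name to the right linter; returns {name: [issues]}."""
    results = {}
    for name, record in records.items():
        if "._domainkey." in name:
            results[name] = lint_dkim(record)
        elif name.startswith("_dmarc."):
            results[name] = lint_dmarc(record)
        else:
            results[name] = lint_spf(record)
    return results


def issue_count(records):
    return sum(len(v) for v in lint_records(records).values())
```

Replace the two dictionaries with the output of dig +short TXT for your own domain and work the list from the top. The SPF lookup count here covers only the top-level record; each include: target pulls in its own lookups, so the real total can be higher than what this reports.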

5) Endpoint Protection (Devices)

Goal: stop malware, persistence, and data theft.
Use modern endpoint security (EDR) Antivirus alone isn’t enough. EDR detects suspicious behavior and helps contain threats.
Encrypt laptops Turn on BitLocker (Windows) or FileVault (macOS) and store the recovery keys centrally. If a laptop is lost or stolen, the data stays unreadable without the sign-in.
Remove local admin rights for daily users Installing persistence, turning off security tools, and stealing saved credentials usually need admin rights. Running day-to-day as a standard user limits what one bad click can do.

6) Network Basics

Goal: keep threats from spreading.
Business-grade firewall with monitoring Block risky traffic, detect threats, and keep logs for investigation.
Separate guest WiFi from business devices Guests should never share the same network as business systems.
Secure remote access No RDP or other admin ports exposed to the internet. Use VPN + MFA, or managed remote tools with tight controls.

7) Policies & “What if we get hit?”

Goal: respond fast and limit damage.
Have an incident response plan (1 page is enough) Who do you call? How do you isolate devices? Where are backups? Who talks to customers?
Keep an emergency contact list offline If email is down, you need phone numbers and vendor access stored elsewhere.
Quarterly access review Confirm who has access to what (especially shared folders and admin roles).
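The same-day offboarding in section 1 and this quarterly review are both questions you can ask of a user export, so here is one script that does both, added as an example and not IT-Bros tooling. It reads a constructed CSV shaped like a Microsoft 365 / Entra ID user-and-role export (the column names are assumptions) and flags enabled accounts for people HR lists as terminated, disabled accounts that still hold an admin role, enabled accounts without MFA, every admin role holder for re-confirmation, and accounts with no sign-in for more than 45 days. The 45-day threshold and the fixed review date are assumptions chosen for the example.

```python
"""Quarterly access review over a directory export. Added example, not IT-Bros
tooling. The CSV below is constructed to resemble a Microsoft 365 / Entra ID
user-and-role export; the column names are assumptions for this example.
"""
import csv
import io
from datetime import date, datetime

SAMPLE_EXPORT = """\
user,enabled,admin_role,last_sign_in,mfa_enabled,hr_status
alice@example.com,true,,2024-06-10,true,active
bob@example.com,true,Global Administrator,2024-06-11,true,active
carol@example.com,true,,2024-02-01,false,active
dave@example.com,true,,2024-05-30,true,terminated
erin@example.com,false,Exchange Administrator,2023-12-01,true,terminated
svc-backup@example.com,true,Global Administrator,2024-01-15,false,active
"""  # constructed; nobody real

REVIEW_DATE = date(2024, 6, 15)  # fixed so the output is deterministic (assumption)
STALE_DAYS = 45                  # assumption: no sign-in for 45+ days needs a reason


def parse_export(text):
    """Read the CSV export into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def _flag(value):
    return value.strip().lower() == "true"


def review(rows, today=REVIEW_DATE):
    """Return (user, finding) pairs, in export order, that the reviewer must act on."""
    findings = []
    for r in rows:
        user = r["user"].strip()
        enabled = _flag(r["enabled"])
        has_mfa = _flag(r["mfa_enabled"])
        role = r["admin_role"].strip()
        last_sign_in = datetime.strptime(r["last_sign_in"].strip(), "%Y-%m-%d").date()
        idle_days = (today - last_sign_in).days

        if r["hr_status"].strip().lower() == "terminated" and enabled:
            findings.append((user, "terminated_but_enabled"))      # disable today
        if not enabled and role:
            findings.append((user, f"disabled_with_role:{role}"))  # strip the role too
        if enabled and not has_mfa:
            findings.append((user, "no_mfa"))
        if enabled and role:
            findings.append((user, f"admin:{role}"))               # owner re-confirms each quarter
        if enabled and idle_days > STALE_DAYS:
            findings.append((user, f"stale:{idle_days}d"))         # unused account, or unused person
    return findings


if __name__ == "__main__":
    for user, finding in review(parse_export(SAMPLE_EXPORT)):
        print(f"{user:28} {finding}")
```

Export the real user and role lists from your admin portal in the same shape, run this, and have the owner sign off on each line; the "admin:" lines are the ones to push back on hardest, since the sample's backup service account holds Global Administrator with no MFA and months of no sign-in.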
Want help checking these off the list?
IT-Bros can run a fast, no-hassle Cyber Baseline review and show you the biggest gaps to fix first.
IT-Bros • Want a free baseline check? Call 608-352-8026 or visit it-bros.net