
Small business cybersecurity checklist

Use this practical checklist to review your current security posture across identity, Microsoft 365, endpoints, backups, and incident readiness.

How to use this page

Start with your biggest risks

Not every business needs the same controls at the same time. Start with the basics that reduce the highest real-world risks first: MFA, email protection, patching, endpoint security, and tested backups.

What this helps with

Reduce common business risk

  • Phishing and account compromise
  • Weak Microsoft 365 security settings
  • Unpatched devices and preventable outages
  • Poor backup and restore readiness
  • Confusion during a security incident
Checklist

Identity & Access

  • Enable MFA for Microsoft 365 and all critical accounts.
  • Review admin accounts and remove unnecessary privileged access.
  • Use strong, unique passwords and a password manager.
  • Disable inactive user accounts promptly.
  • Apply least-privilege access wherever possible.

Email & Microsoft 365

  • Review mailbox security settings and sign-in protections.
  • Configure SPF, DKIM, and DMARC for your domains.
  • Train users to recognize phishing and suspicious attachments.
  • Review forwarding rules and suspicious mailbox changes.
  • Secure Teams, SharePoint, and OneDrive sharing settings.

Endpoints & Devices

  • Keep operating systems and applications patched.
  • Use endpoint protection on business devices.
  • Encrypt laptops and mobile devices where possible.
  • Restrict local administrator rights on user workstations.
  • Retire or isolate unsupported systems.

Backups & Recovery

  • Maintain reliable backups for critical business data.
  • Test restores regularly, not just backup jobs.
  • Document recovery priorities and key systems.
  • Protect backups from ransomware exposure.
  • Know who is responsible for recovery decisions.

Policies & Readiness

  • Document basic incident response steps.
  • Define who to contact during a security event.
  • Review vendor and cyber insurance security requirements.
  • Provide regular security awareness reminders to staff.
  • Identify your highest-risk business systems and workflows.
Next step

Want help working through this checklist?

If your business needs help reviewing Microsoft 365, tightening access controls, validating backups, or improving cybersecurity priorities, OpenTech can help.