Small Business IT Security Plan (A to Z)

🔹 A. Assess Your Risks

  • Identify key assets: customer data, financials, IP, devices

  • Understand threats: phishing, ransomware, human error, data loss

  • Use a basic cyber risk assessment checklist to start

🔹 B. Baseline IT Hygiene

  • Ensure all devices are:

    • Running Windows 10/11 Pro or up-to-date macOS

    • Using current antivirus software

    • Free from unused software

  • Enforce strong password policies and regular updates

🔹 C. Cloud Configuration & M365 Setup

  • Use Microsoft 365 Business Premium

    • Includes Office apps, Intune, OneDrive, SharePoint

    • Exchange Online Protection (email filtering)

  • Enforce Multi-Factor Authentication (MFA)

🔹 D. Device Management

  • Enroll devices in Intune

    • Apply security policies (BitLocker, antivirus, lock screen)

    • Require compliant devices for access

    • Enable remote wipe/lock

🔹 E. Email & Phishing Protection

  • Enable Advanced Threat Protection (ATP)

  • Use Safe Links and Safe Attachments

  • Provide monthly phishing awareness training

  • Set up admin alerting for suspicious activity

🔹 F. Firewall & Network Setup

  • Use a business-grade router/firewall

    • Ubiquiti, Fortinet, WatchGuard recommended

    • Configure VLANs for separation

    • Auto-update firmware

  • Add DNS-level filtering (e.g., Cisco Umbrella)

🔹 G. Govern Data Access

  • Apply least privilege principle

  • Use role-based access controls

  • Audit data access quarterly
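  The three bullets above (least privilege, role-based access, a quarterly audit) can be turned into a repeatable check. The script below is an added example, not part of the original plan: it takes a constructed user/role export (the field names `upn`, `job`, `type`, `roles`, `last_sign_in` are assumptions, not a vendor schema), compares each user's roles against an approved-roles matrix per job function, and flags roles outside that matrix, guest accounts holding privileged roles, and privileged accounts that have not signed in for more than 90 days.

```python
"""Quarterly access review helper (added example, not from the checklist's author).

Input is a constructed list of user/role records in the shape an admin might
export from a directory or identity provider; the field names are assumptions.
"""
from datetime import date

# Approved roles per job function: the least-privilege baseline.
# Constructed for this example; replace with your own role matrix.
APPROVED_ROLES = {
    "sales":   {"User"},
    "finance": {"User", "Billing Administrator"},
    "it":      {"User", "Helpdesk Administrator", "Global Administrator"},
}

# Roles treated as privileged for the guest and staleness checks (constructed).
PRIVILEGED_ROLES = {"Global Administrator", "Billing Administrator",
                    "Helpdesk Administrator"}

STALE_DAYS = 90  # a privileged account unused this long gets flagged

# Constructed sample export: one record per user.
SAMPLE_USERS = [
    {"upn": "alice@example.com", "job": "finance", "type": "member",
     "roles": ["User", "Billing Administrator"], "last_sign_in": "2024-05-30"},
    {"upn": "bob@example.com", "job": "sales", "type": "member",
     "roles": ["User", "Global Administrator"], "last_sign_in": "2024-06-01"},
    {"upn": "carol@example.com", "job": "it", "type": "member",
     "roles": ["User", "Global Administrator"], "last_sign_in": "2024-01-15"},
    {"upn": "dave_partner#EXT#@example.com", "job": "sales", "type": "guest",
     "roles": ["User", "Helpdesk Administrator"], "last_sign_in": "2024-05-28"},
]


def review_access(users, today, approved=APPROVED_ROLES,
                  privileged=PRIVILEGED_ROLES, stale_days=STALE_DAYS):
    """Return a list of (upn, finding) tuples an admin should act on."""
    findings = []
    for u in users:
        roles = set(u["roles"])
        allowed = approved.get(u["job"], set())

        # 1. Role not in the approved set for this job function
        for role in sorted(roles - allowed):
            findings.append((u["upn"],
                             f"role '{role}' not approved for job '{u['job']}'"))

        # 2. Guest (external) accounts should never hold privileged roles
        if u["type"] == "guest" and roles & privileged:
            findings.append((u["upn"], "guest account holds a privileged role"))

        # 3. Privileged accounts that have gone quiet: candidates for removal
        if roles & privileged:
            idle = (today - date.fromisoformat(u["last_sign_in"])).days
            if idle > stale_days:
                findings.append((u["upn"],
                                 f"privileged account idle for {idle} days"))
    return findings


if __name__ == "__main__":
    for upn, finding in review_access(SAMPLE_USERS, date(2024, 6, 3)):
        print(f"{upn}: {finding}")
```

Run it against the real export each quarter and keep the output with the audit record; a finding that is accepted (for example an IT admin who legitimately holds Global Administrator) should be documented in the role matrix rather than ignored.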

🔹 H. Have a Backup Plan

  • Implement cloud-to-cloud backup for Microsoft 365 (Acronis, Spanning)

  • Back up key files to an encrypted external drive monthly

  • Test data recovery every 6 months

🔹 I. Incident Response Plan

  • Draft a simple breach response playbook

    • Define who, what, when, how

  • Assign key response roles

  • Include contact details for IT support and authorities

🔹 J. Join External Support Networks

  • Subscribe to national cyber threat alerts (e.g., CERT NZ, ACSC)

  • Join online small business IT security forums

🔹 K. Keep Everything Up to Date

  • Enable auto-updates on:

    • Windows/macOS

    • Office 365

    • Routers/firewalls

    • Third-party software

  • Run monthly patch reviews

🔹 L. Legal & Compliance

  • Publish a Privacy Policy and IT Use Policy

  • Ensure compliance with Privacy Act, GDPR (if applicable)

  • Add disclaimers and security notices to email footers

🔹 M. Monitor & Improve

  • Use Microsoft Secure Score for ongoing assessment

  • Review logs: sign-ins, access, compliance issues

  • Perform quarterly audits and policy reviews
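  "Review logs: sign-ins" is easier to do consistently with a small script than by eye. The example below is added here and is not part of the original plan: it parses a constructed JSON-lines sign-in export (the fields `time`, `user`, `ip`, `country`, `result`, `mfa` are assumptions modelled on a typical cloud identity sign-in log, not a vendor schema) and flags the three things a small business most wants to catch: a successful sign-in without MFA, a successful sign-in from a country where staff do not work, and a burst of failed sign-ins from one IP address against several accounts inside a short window.

```python
"""Sign-in log review (added example; not from the checklist's author).

Parses constructed JSON-lines sign-in records; field names are assumptions.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

EXPECTED_COUNTRIES = {"NZ", "AU"}     # where staff normally sign in from (constructed)
FAIL_THRESHOLD = 5                    # this many failures from one IP ...
FAIL_WINDOW = timedelta(minutes=10)   # ... inside this window is a finding

# Constructed sample export, one JSON object per line (RFC 5737 test addresses).
SAMPLE_LOG = """\
{"time": "2024-06-03T08:01:10Z", "user": "alice@example.com", "ip": "203.0.113.10", "country": "NZ", "result": "success", "mfa": true}
{"time": "2024-06-03T08:05:42Z", "user": "bob@example.com", "ip": "203.0.113.11", "country": "NZ", "result": "success", "mfa": false}
{"time": "2024-06-03T09:12:00Z", "user": "carol@example.com", "ip": "198.51.100.7", "country": "RO", "result": "success", "mfa": true}
{"time": "2024-06-03T10:00:01Z", "user": "alice@example.com", "ip": "192.0.2.5", "country": "US", "result": "failure", "mfa": false}
{"time": "2024-06-03T10:00:03Z", "user": "bob@example.com", "ip": "192.0.2.5", "country": "US", "result": "failure", "mfa": false}
{"time": "2024-06-03T10:00:05Z", "user": "carol@example.com", "ip": "192.0.2.5", "country": "US", "result": "failure", "mfa": false}
{"time": "2024-06-03T10:00:07Z", "user": "dave@example.com", "ip": "192.0.2.5", "country": "US", "result": "failure", "mfa": false}
{"time": "2024-06-03T10:00:09Z", "user": "erin@example.com", "ip": "192.0.2.5", "country": "US", "result": "failure", "mfa": false}
{"time": "2024-06-03T11:30:00Z", "user": "alice@example.com", "ip": "203.0.113.10", "country": "NZ", "result": "failure", "mfa": false}
"""


def parse_log(text):
    """Turn JSON-lines text into a list of dicts with a datetime 'time' field."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        r = json.loads(line)
        r["time"] = datetime.strptime(r["time"], "%Y-%m-%dT%H:%M:%SZ")
        records.append(r)
    return records


def review_sign_ins(records, expected_countries=EXPECTED_COUNTRIES,
                    fail_threshold=FAIL_THRESHOLD, fail_window=FAIL_WINDOW):
    """Return findings as (category, detail) tuples."""
    findings = []
    failures_by_ip = defaultdict(list)   # ip -> [(time, user), ...]

    for r in sorted(records, key=lambda r: r["time"]):
        if r["result"] == "success" and not r["mfa"]:
            findings.append(("no_mfa", r["user"]))
        if r["result"] == "success" and r["country"] not in expected_countries:
            findings.append(("unexpected_country", f'{r["user"]} from {r["country"]}'))
        if r["result"] == "failure":
            failures_by_ip[r["ip"]].append((r["time"], r["user"]))

    # Sliding window over each IP's failures, oldest to newest: report the first
    # window that reaches the threshold, with the number of distinct accounts hit.
    for ip, events in failures_by_ip.items():
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > fail_window:
                start += 1
            count = end - start + 1
            if count >= fail_threshold:
                users = {u for _, u in events[start:end + 1]}
                findings.append(("failure_burst",
                                 f"{ip}: {count} failures against {len(users)} accounts "
                                 f"within {fail_window}"))
                break
    return findings


if __name__ == "__main__":
    for category, detail in review_sign_ins(parse_log(SAMPLE_LOG)):
        print(f"[{category}] {detail}")
```

A single failed sign-in by a known user from a known address (the last sample line) produces nothing, which is the point of the threshold: the review should surface the handful of events worth a phone call, not every typo.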

🔹 Optional Enhancements

  • Add Endpoint Detection & Response (EDR)

  • Deploy a Password Manager (e.g., Bitwarden, 1Password)

  • Consider Cyber Insurance

  • Use Security Awareness Training (e.g., KnowBe4)
