Security60 minutesStarter

Small Business Security Checklist

A plain-English security checklist for accounts, passwords, devices, data access, backups, vendors, and incident response.

Built for: Small businesses that store customer data, payment records, login credentials, or operational documents.

Small business security checklist with laptop lock screen, account controls, keys, and review notes.

Public guide

A starter security baseline using FTC, CISA, NIST, and SBA guidance.

This page gives you the working version: sequence, checklist, and official resources. The full kit adds prompts, a deeper worksheet, and implementation notes for your inbox.

Get the full kit

Keep reading for the public guide, or send the kit when you want the worksheet and prompt pack.

Reduce obvious account and data risks
Create an owner-friendly security baseline
Document what to do when something suspicious happens

Run the guide

Work through it in order.

Lock down the basics

Most small businesses need a repeatable baseline before buying advanced security products.

Turn on multi-factor authentication for email, banking, CRM, website, and ad accounts.
Use a password manager and remove shared passwords from chats, docs, and spreadsheets.
List every person with access to customer, payment, website, or ad systems.
Patch laptops, phones, browsers, website software, and core business apps.

Prepare for the bad day

A simple incident plan reduces panic and helps the business respond faster.

Write who to call for website, email, banking, legal, insurance, and IT issues.
Back up critical files and test that one restore actually works.
Write an offboarding checklist for employees, contractors, and vendors.
Document how you will notify customers or partners if data may be affected.

Final pass

Before you call it done

MFA enabled
Password manager in use
Access list reviewed
Backups tested
Incident contacts written

Useful resources

Current links to verify the details.

Why this guide exists

Every guide is pulled from a live client engagement. If it is in here, we have run it, measured it, and watched it hold up in the field.

Full guide kit

The public guide is useful on its own. Submit the form and we send the expanded kit with prompts, worksheet structure, and implementation notes.

Small Business Security Checklist Full Kit

Full checklist with deeper implementation steps
Prompt pack for ChatGPT, Claude, Gemini, or another model
Editable worksheet structure for your business context
Implementation notes for the first pass

Email, banking, website, ad, and CRM accounts should get MFA first.
Backups only count after a restore is tested.
Security needs an owner and an offboarding process.

Get the full kit

Prefer to walk through it live?

Book a working call. Thirty minutes, mapped to your situation.

Book a Strategy Call Get in touch