Cybersecurity checklist for small and medium businesses


Given the wide variety of business types and sectors, we often get asked: what cybersecurity does my small or medium business (SMB) need? The good news is that many small and medium businesses have common elements of operation, and this enables us to provide a cybersecurity checklist for the majority of SMBs.

Before we begin the cybersecurity checklist for small and medium businesses, let's answer these 2 key questions:

Who is an SMB?

What is digital adoption by SMBs?

Who is an SMB?

Let's start by defining which businesses are considered small and medium businesses (SMBs). One way to categorize businesses is by employee count. If the business has 1-499 employees, then it's considered to be a small or medium business. SMBs account for 98% of the Canadian economy and 70% of the US economy, so they're an important segment of the economy.


What is digital adoption by SMBs?

Many SMBs are using digital technologies to provide goods and services to their customers. Here are some examples that illustrate how businesses have adopted digital technologies:

  1. Using email or social media to communicate with customers
  2. Enabling employees to work remotely
  3. Using an e-commerce website to sell goods
  4. Storing and transferring customer information using storage services like Dropbox
  5. Using mobile devices to record information such as inventory and sales
  6. Using cloud applications for accounting and tax services

From the above examples, it's evident that many businesses adopt digital technologies to enhance their services. We can create a digital operations footprint that lists the digital technologies commonly used by SMBs:

Cloud Email: G Suite/Microsoft 365 email

Endpoints: Laptops/Desktops

Servers:

On-premise physical servers

Cloud Servers – Public (e.g. AWS/Azure/GCP)

Cloud Servers – Private (e.g. Hyper-V/VMware)

Mobile Devices: Smartphones (e.g. Android/iOS)

Wi-Fi Services: Guest hotspots/corporate networks

Cloud Storage: G Suite/OneDrive/Dropbox/Box …

Each entry pairs a digital technology category with the commercial products or services SMBs commonly use for it. Some businesses may add or remove digital services to fit their requirements. Our goal now is to secure the SMB's digital footprint using cybersecurity services and solutions.

Cybersecurity checklist for SMBs:

Now that we understand who SMBs are and how they operate, we can tackle the question: what is the cybersecurity checklist for SMBs?

The cybersecurity checklist is based on a security principle called DEFENCE IN DEPTH. This principle calls for multiple layers of security, so that if one layer is compromised, the next can mitigate the threat.

Let's start the cybersecurity checklist for SMBs:

  1. Incident Response Plan – Have an Incident Response Plan (IRP) ready
  2. Email security – Provides protection from BEC, phishing, spam, malware, and malicious URLs
  3. Endpoint security – Provides protection from malware, exploits, and cryptojacking
  4. Server security (on-premise/public cloud/private cloud) – Secure servers whether on-premise or hosted with public providers (AWS, Azure..)
  5. Patch Servers and Applications – Patching should be kept up to date
  6. Perimeter security – A NextGen Firewall provides perimeter security such as URL filtering, malware protection, and IPS
  7. Wi-Fi security – Prevents unauthorized Wi-Fi access and secures the wireless network
  8. Cloud service security – Cloud services, also known as SaaS, should be secured (e.g. Dropbox/QuickBooks)
  9. IAM (Identity and Access Management) – Provides user authentication to control access to business resources
  10. Mobile Device Security – Smartphones, tablets, and iPads should be secured
  11. Secure Portable Media – USB drives and other forms of portable drives should be secured
  12. Security Monitoring and Incident Response – Provides monitoring, detection, and response for cyber threats and attacks
  13. Backups – Systems should be backed up regularly
  14. Employee Training – Educate employees through cybersecurity awareness training

The above layers of security, when applied to a small or medium business, help reduce business risk. The scale of each will vary based on the size of the business.

We are continuously helping businesses start their journey to implement the cybersecurity checklist. Contact us to get started today!
