Small Business Cyber Hygiene Series: Part 7: Monitor for Trouble (Detection Basics)

Introduction

Even with solid protections, nothing is completely secure. Threats change, people make mistakes, and attackers are always probing for weaknesses. Whether you’re running a small business or managing your personal digital life, monitoring helps you spot suspicious activity early—before it becomes something serious.

The good news: you don’t need expensive tools or a security operations center. Most small businesses and individuals can monitor effectively using built‑in features and simple routines.

Why Monitoring Matters

Monitoring is your early‑warning system. It helps you detect:

  • Suspicious sign‑ins
  • Malware activity
  • Unauthorized access
  • Unusual file changes
  • Unexpected device behavior
  • Email forwarding rules created by attackers

Early detection:

  • Reduces damage
  • Speeds up response
  • Helps prevent data loss
  • Supports compliance with NIST CSF, CIS Controls, and FTC Safeguards

Monitoring is one of the most overlooked — yet most important — cyber‑hygiene practices.

What Good Monitoring Looks Like

A small business with strong monitoring typically has:

  • Alerts enabled for unusual sign‑ins
  • Antivirus notifications turned on
  • Email security alerts active
  • Logs available for key systems
  • A simple process for reviewing activity
  • A clear plan for what to do when something looks suspicious

You don’t need to watch dashboards all day — just build consistent habits.

How to Monitor for Trouble (Step‑by‑Step)

1. Turn On Security Alerts

Most platforms include built‑in alerts — they just need to be enabled.

Enable alerts for:

  • Unusual sign‑ins
  • Password reset attempts
  • New device logins
  • Email forwarding rules
  • Malware detections
  • Suspicious file activity

Where to enable them

  • Microsoft 365 Security Center
  • Google Workspace Admin Console
  • Antivirus or endpoint protection dashboard
  • Cloud storage (OneDrive, Google Drive, Dropbox)

These alerts give you early visibility into potential issues.

2. Monitor Sign‑In Activity

Attackers often test stolen passwords quietly before launching a full attack.

Look for:

  • Sign‑ins from unfamiliar locations
  • Multiple failed login attempts
  • Logins at unusual times
  • New devices accessing accounts

If something looks off, change the password and require MFA immediately.

3. Watch for Email Account Abuse

Email is a common target for attackers.

Check for:

  • New inbox rules you didn’t create
  • Auto‑forwarding to unknown addresses
  • “Impossible travel” sign‑ins
  • Alerts about blocked messages

These are often signs of account compromise.

4. Monitor Device Health

Your devices will often warn you when something is wrong.

Pay attention to:

  • Antivirus alerts
  • Disabled security features
  • Unexpected restarts
  • Slow performance or overheating
  • Unknown apps installed

If a device behaves strangely, investigate — it may be infected or compromised.

5. Monitor Cloud Storage and Shared Drives

Cloud storage tools often include activity logs.

Look for:

  • Large numbers of file deletions
  • Files being encrypted or renamed
  • New sharing links you didn’t create
  • Access from unknown devices

These can be early signs of ransomware or unauthorized access.

6. Keep Basic Logs

You don’t need a full logging system; just keep what matters.

Minimum logs to retain:

  • Email sign‑in logs
  • Device security logs
  • Antivirus logs
  • Cloud storage activity logs

Logs help you understand what happened if something goes wrong.

Monitoring Checklist

Monthly

  • Review sign‑in activity
  • Check antivirus alerts
  • Review cloud storage activity
  • Confirm email forwarding rules

Quarterly

  • Review security settings
  • Confirm alerts are still enabled
  • Check device health and update status
  • Review shared drive permissions

Annually

  • Refresh your monitoring plan
  • Update alert settings as your business grows
  • Review logs retention and storage

Key Takeaway

Monitoring doesn’t have to be complicated. With a few simple alerts and regular check‑ins, you can spot suspicious activity early and prevent small issues from becoming major incidents. Early detection is one of the most powerful — and accessible — cyber‑hygiene practices for small businesses.

Need Help Setting Up Monitoring?

SQ Risk helps small businesses build simple, sustainable monitoring practices aligned with NIST CSF and real‑world needs.

Contact SQ Risk for a consultation

Continue to the next article in the series

Small Business Cyber‑Hygiene Series

Start Here:

  1. Introduction: Why Cyber‑Hygiene Matters
  2. Know What You Have (Identify)
  3. Protect Access: Passwords, MFA, and Accounts
  4. Secure Your Devices — Updates, Antivirus, and Hardening
  5. Back Up What Matters — The 3‑2‑1 Rule
  6. Defend Your Inbox — Phishing & Email Security
  7. Monitor for Trouble — Detection Basics (You are here)

Next Articles:
8. Respond Effectively — What To Do When Something Goes Wrong
9. Recover Quickly — Getting Back to Normal
10. Build a Security‑First Culture
11. Bonus: Safe Use of AI for Small Businesses
12. Cyber‑Hygiene Checklist: A One‑Page Summary

©2026 SQ Risk Management Solutions LLC. All rights reserved.