Small Business Cyber Hygiene Series: Part 12: Cyber‑Hygiene Checklist (A One‑Page Summary)

Introduction

Cybersecurity isn’t just for businesses—it’s for anyone who wants to stay safe online. The most effective protections come from simple, consistent habits, and this series has covered them all.

This one‑page checklist pulls everything together so you can review, share, and apply the essentials—whether you’re securing a small business or your own digital footprint.

Cyber Hygiene Checklist

1. Identify — Know What You Have

  • Keep an up‑to‑date list of devices
  • Track software, apps, and cloud services
  • Know where your important data lives
  • Remove old or unused accounts and devices

2. Protect Access — Passwords, MFA, and Accounts

  • Use strong, unique passwords
  • Turn on MFA everywhere
  • Use a password manager
  • Limit admin access
  • Review accounts quarterly

3. Secure Your Devices — Updates, Antivirus, Hardening

  • Turn on automatic updates
  • Restart devices weekly
  • Use modern antivirus/endpoint protection
  • Enable full‑disk encryption
  • Require screen locks and strong logins
  • Remove unused apps

4. Back Up What Matters — The 3‑2‑1 Rule

  • Keep 3 copies of your data
  • Store on 2 different types of media
  • Keep 1 copy offsite or offline
  • Test restoring files quarterly

5. Defend Your Inbox — Phishing & Email Security

  • Turn on spam and phishing filters
  • Enable MFA for email
  • Watch for suspicious links and attachments
  • Verify unexpected requests
  • Review forwarding rules quarterly

6. Monitor for Trouble — Detection Basics

  • Enable alerts for unusual sign‑ins
  • Check antivirus notifications
  • Review cloud‑storage activity
  • Monitor for new inbox rules
  • Review logs monthly

7. Respond Effectively — When Something Goes Wrong

  • Stop and contain the issue
  • Disconnect affected devices
  • Change passwords if accounts are involved
  • Notify the right people
  • Document what happened
  • Remove the threat before reconnecting

8. Recover Quickly — Getting Back to Normal

  • Restore from clean backups
  • Rebuild devices if needed
  • Test systems after recovery
  • Communicate clearly with employees
  • Document lessons learned

9. Build a Security‑First Culture

  • Encourage questions — no blame
  • Share monthly security tips
  • Train employees on phishing
  • Recognize good security behavior
  • Include security in onboarding

10. Use AI Safely

  • Don’t share sensitive information with AI tools
  • Use only approved, trusted platforms
  • Review AI‑generated content
  • Keep AI use transparent
  • Update AI‑use guidelines regularly

11. Monthly, Quarterly & Annual Checklist

Monthly

  • Restart devices
  • Confirm backups ran successfully
  • Review sign‑in activity
  • Check antivirus alerts
  • Share a short security tip

Quarterly

  • Test restoring a file from backup
  • Review email‑forwarding rules
  • Review device hardening settings
  • Update your list of accounts and apps
  • Refresh short training or scenarios

Annually

  • Conduct a recovery drill
  • Update your cyber‑hygiene plan
  • Refresh onboarding materials
  • Review lessons learned
  • Replace outdated devices

Key Takeaway

Cybersecurity isn’t about perfection — it’s about consistency. With simple habits, clear expectations, and a few essential tools, any small business can dramatically reduce its risk and build long‑term resilience.

This checklist is your roadmap. Use it, share it, and revisit it often.

Need Help Implementing These Practices?

SQ Risk helps small businesses build simple, sustainable cybersecurity programs aligned with NIST CSF and real‑world needs.

Contact SQ Risk for a consultation

Revisit the series from the start!

Small Business Cyber‑Hygiene Series

A practical, step‑by‑step guide based on NIST CSF + CIS Controls IG1.

Complete Series:

  1. Introduction: Why Cyber‑Hygiene Matters
  2. Know What You Have (Identify)
  3. Protect Access: Passwords, MFA, and Accounts
  4. Secure Your Devices — Updates, Antivirus, and Hardening
  5. Back Up What Matters — The 3‑2‑1 Rule
  6. Defend Your Inbox — Phishing & Email Security
  7. Monitor for Trouble — Detection Basics
  8. Respond Effectively — What To Do When Something Goes Wrong
  9. Recover Quickly — Getting Back to Normal
  10. Build a Security‑First Culture
  11. Safe Use of AI for Small Businesses
  12. Cyber‑Hygiene Checklist — A One‑Page Summary (You are here)
©2026 SQ Risk Management Solutions LLC. All rights reserved.