The 10-Minute Security Check Every Business Owner Should Do This Week
You don’t need to understand firewalls or encryption to take meaningful steps to protect your business. Most of the highest-impact security improvements come down to a handful of basics — and you can check on most of them in under ten minutes.
Work through the following. Be honest.
1. Is multi-factor authentication turned on?
Log into your email, accounting software, and any other system that holds sensitive data. Check whether MFA (also called two-step verification or 2FA) is enabled. If it isn’t, turn it on today. This single step prevents the majority of account takeover attacks — even if a password is stolen.
2. When did you last update your software?
Open your laptop or desktop and check for operating system updates. Check your main business applications too — accounting software, CRM, anything cloud-based. Outdated software is one of the most common ways attackers get in. If updates are sitting waiting, run them.
3. Does everyone use their own login?
Shared accounts — a single email login used by multiple staff members — are a significant risk. If something goes wrong, you have no way of knowing who did what, and because everyone shares the same password, one compromise exposes everyone’s access. Each person should have their own credentials.
4. Where are your backups?
Ask yourself: if your main computer or server failed or was encrypted by ransomware right now, where is your last clean backup? When was it taken? Have you ever actually tested restoring from it? If the answers are vague, your backup situation needs attention.
5. Who has access to what?
Think about former employees. Do they still have access to your systems? Think about your most sensitive files — who can see them? Access should be granted on a need-to-know basis, and it should be removed promptly when someone leaves.
6. Have you spoken to your team about phishing?
Does your team know what a phishing email looks like? Do they know to check the sender address carefully, not to click unexpected links, and to call a supplier directly if they receive an unusual payment request? A five-minute conversation at your next team meeting is worth more than most technical controls.
None of this requires a technical background. It does require about ten minutes and a willingness to be honest about what you find. If any of the above gave you pause, that’s exactly the kind of clarity a proper security assessment provides.
