The AZTech IT Blog


I.T. Security Audit Checklist for Small and Medium Businesses

Posted by Michael Houghton | 22-Apr-2021 11:01:28

For many small and medium businesses, cybersecurity can be a daunting task, and they often lack the resources or skills needed to ensure that the business is fully secure. However, there are some simple and easy steps you can take to help minimise the risk of an attack. These steps cannot guarantee total protection against cyber-attacks; however, they can significantly reduce the risk.

  1. Complete risk assessments
  2. Ensure your desktop security is up to scratch 
  3. Employ proper email security 
  4. Frequently back up data
  5. Train all employees on appropriate protocol 
  6. Protect your mobiles and tablets
  7. Secure your WIFI

Complete risk assessments

First and foremost, it is imperative to complete risk assessments. An IT risk assessment helps highlight any weaknesses you have within the IT system, allowing you to proactively create a disaster recovery strategy that protects any critical information from threats.

IT risk assessments should expose:

  • Any weakness or vulnerable areas that allow security breaches. This can include things such as untrained employees, out-of-date software, and old equipment.
  • What the company's most valuable information and assets are, such as client information, monetary data, and trade secrets.
  • What threats are most critical to your business: Hacking, system failures, natural disasters.


Once the IT risk assessment has highlighted the above, you can put together steps for prevention, improvement and handling a disaster or crisis.


Ensure your desktop security is up to scratch

Desktop security is regularly forgotten about, especially in small and medium businesses. Desktop security includes ensuring that all computers/laptops used by employees have appropriate anti-virus software and that all computers are updated regularly with the latest security patches and system updates.

We recommend setting up prompts on employees' computers asking them to change their password every 90 days, as well as introducing policies or restrictions on downloadable content.


Employ proper email security

Most businesses use email to communicate internally and externally. However, many businesses fail to put appropriate security in place, opening themselves up to the risk of phishing emails. Alongside training employees to identify phishing emails by their unfamiliar email addresses, suspicious links and spelling errors, businesses can also protect themselves by enforcing regular password updates, using strong passwords, setting up 2-factor authentication and using VPNs (Virtual Private Networks), especially if there are employees who work from home. If you are sending sensitive data or information by email, you can use encryption apps that will disguise the information from hackers.


Frequently back up data

Businesses of any size should ensure that they are backing up their data regularly and that it can be restored. This will ensure that the business can still function if it experiences a natural disaster such as a flood or fire. Being able to restore the data will also limit the likelihood of blackmail by ransomware attacks.

Things you should consider when backing up your data:
  • What data should be prioritised
  • The location where you store the backup copies. This should be a separate location from your regular computer system
  • Consider locations such as the cloud. However, fully read and understand the security of the cloud system you use
  • Ensure data is being backed up daily
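
One way to check these points on a schedule, as an added example that is not part of the original post. It assumes the backup is a plain folder copy of the live folder; the function names and the 24-hour threshold are assumptions chosen to match "backed up daily".

```python
import hashlib
import os
import sys
import time
from pathlib import Path

MAX_AGE_SECONDS = 24 * 3600  # assumption: the checklist's "backed up daily"

def sha256(path):
    """Hash a file in chunks so large files do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def audit_backup(source, backup, now=None):
    """Compare a live folder with its backup copy.

    Returns (findings, pending): findings are failures, pending lists files
    changed within the last day that the next daily run should pick up.
    """
    source, backup = Path(source), Path(backup)
    now = time.time() if now is None else now
    findings, pending = [], []
    # Separate location: an identical device id means the same disk or volume.
    if os.stat(source).st_dev == os.stat(backup).st_dev:
        findings.append("backup is on the same volume as the live data")
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source).as_posix()
        copy = backup / rel
        # Restore check: the copy must exist and read back byte-for-byte.
        if copy.is_file() and sha256(copy) == sha256(src):
            continue
        if now - src.stat().st_mtime > MAX_AGE_SECONDS:
            findings.append(f"not restorable from backup: {rel}")
        else:
            pending.append(rel)
    return findings, pending

if __name__ == "__main__":
    found, waiting = audit_backup(sys.argv[1], sys.argv[2])
    for line in found:
        print("FAIL", line)
    for line in waiting:
        print("PENDING", line)
    sys.exit(1 if found else 0)
```

Run it with the live folder and the backup folder as the two arguments; a non-zero exit code means at least one check failed.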



Train all employees on appropriate security protocols

Training all employees on proper IT security will significantly reduce the risk of data breaches within the business. Including cyber security training in your onboarding process makes all employees aware of the importance of cyber security and ensures that they know what to look out for – for example, phishing emails.


Protect your mobiles and tablets

Any device that is regularly taken out of the office needs to be protected, and arguably needs far more security than desktop equipment. All devices should be password protected and the password should be updated often. Settings to track lost or stolen devices should be turned on, along with, if applicable, the ability to remotely wipe all data from the device. All Apple and Android phones have this feature.

Furthermore, we recommend updating the device's software and apps frequently, as well as not connecting to any unknown WIFI.


Secure your WIFI

Unsecured networks can leave businesses extremely vulnerable to cyber-attacks. These steps will help secure your network easily and quickly:

  • Move your WIFI router to a secure location
  • Change your network name
  • Have different access for guests
  • Change the default login information
  • Update your firmware and software
  • Use Wi-Fi Protected Access (WPA)
  • Remove rogue access points

If you are looking for help with your cybersecurity, book a free security assessment or visit our website, and explore all of our cybersecurity services. 


Topics: IT Security, cyber essentials, Mobile Security, Security Assessment

Written by Michael Houghton

Technical Director
