Your 30‑Day Cyber Safety Plan
(Made for Small Business Owners)
Why this matters
Most downtime and data loss come from small, fixable things: missed updates, weak logins, and backups that don’t actually restore. This plan fixes the basics in 30 days without derailing your week.
Time needed
About 2 hours per week for 4 weeks. Owner or office manager can lead it. We can help or do it for you.
Quick wins (do these first)
- Turn on 2‑step sign‑in for email and key apps
- Test a restore for one file or folder
- Run updates on all computers
1) Week One
Accounts & Access (who can get in)
Goal: Stop easy break‑ins.
List who has access to email, finance, files, and admin tools.
Enforce 2‑step sign‑in (MFA) for email and remote access.
Turn off old/legacy sign‑in methods you don’t use.
Use a password manager or longer passphrases.
Outcome: You know who has access, and every login needs a code.
2) Week Two
Backups that Actually Work
Goal: Be sure you can get data back fast.
Follow 3‑2‑1 backups: 3 copies, 2 places, 1 off‑site.
Do a restore test for one file and one shared folder.
Set targets: how much data you can lose (RPO) and how long you can be down (RTO).
Make sure Microsoft 365/Google keeps deleted files long enough.
Outcome: You’ve proven recovery works — not just that backups ran.
3) Week Three
Devices & Wi‑Fi
Goal: Keep computers healthy and limit damage.
Turn on automatic updates for Windows/macOS and browsers.
Use modern threat protection (advanced antivirus/EDR).
Turn on disk encryption (BitLocker/FileVault).
Remove everyday admin rights.
Split Wi‑Fi into staff and guest networks.
Outcome: Fewer infections, and lost devices don’t leak data.
4) Week Four
Email & Vendors
Goal: Cut scams and lock down outside access.
Add an External label to outside email.
Block risky logins; require compliant devices for access.
Review vendor access (bookkeeper, web developer, software support); remove what you don’t need; rotate shared passwords.
Alert on suspicious inbox rules/forwarding.
Outcome: Less phishing risk, fewer surprise logins, cleaner vendor list.
10‑Point Scorecard
(check what is true today)
- Up‑to‑date list of devices and apps
- 2‑step sign‑in is on
- Old/legacy sign‑in is off
- 3‑2‑1 backups in place
- Restore test done this month
- Threat protection on all computers
- 90%+ devices updated on time
- Laptops encrypted
- “External” tag on outside email
- Vendor access reviewed
Helpful links
Next step:
Book a free 10‑minute IT health review:
businesscomputertechnicians.com/contact/
Read More IT Industry Insights & Tips
Stay ahead of the curve with expert analysis, actionable guides, and the latest news on business technology. Our blog is your resource for making smarter IT decisions and keeping your business secure and productive.
Your 30‑Day Cyber Safety Plan (Made for Small Business Owners)
Your 30‑Day Cyber Safety Plan (Made for Small Business Owners) Why this mattersMost downtime and
Proactive vs. Reactive IT: The Hidden Costs of Waiting Until It Breaks
Proactive vs. Reactive IT: The Hidden Costs of Waiting Until It Breaks Why “fix it
Managed IT Support: 2025 Buyer’s Guide & Checklist
Managed IT Support That Stops Downtime and Drives Growth Managed IT Support That Stops Downtime
Why Cyber Insurance Won’t Protect You From Attacks
Cyber Insurance Isn’t the Safety Net You Think It Is What is Cyber Insurance? Cyber
Hidden IT Costs That Drain Small Business Budgets
The Invisible IT Costs That Shrink Your Bottom Line Small Expenses; Big Costs Many small
Comprehensive Linux Keyboard Shortcuts for Productivity
Essential Linux Keyboard Shortcuts for Business Productivity Why Linux Shortcuts Matter Linux is the backbone