NYS LICENSED SECURITY & ALARM INSTALLER

A cybersecurity checklist for small New York businesses

You don't need an enterprise budget to close the gaps attackers actually use. Here's a practical checklist any small business can work through this quarter.

Managed IT · Published July 5, 2026 · 6 min read

Small businesses aren't too small to be targeted — they're targeted because they're small, on the bet that the basics were never set up. The good news: most breaches exploit a short list of well-known gaps, and closing them doesn't require an enterprise budget. Here's a checklist you can actually work through.

Start with the basics that stop most attacks

These three cover a huge share of real-world incidents:

  • Turn on multi-factor authentication (MFA) everywhere. Email, banking, remote access, and any cloud app. A stolen password is far less dangerous when a second factor is required.
  • Keep everything updated. Automatic updates for operating systems, browsers, and business software. Unpatched software is the door attackers walk through most often.
  • Use a password manager. One strong, unique password per account — no sticky notes, no reused logins.

Protect your network

Your network is the perimeter, and consumer gear rarely holds it:

  • A real business firewall, configured and maintained — not the box your ISP dropped off.
  • Separate your networks. Guest Wi-Fi, business systems, cameras, and point-of-sale should live on their own segments so a problem in one doesn't reach the others.
  • Secure your Wi-Fi with current encryption and a private business network distinct from the guest one.

Physical and digital security overlap more than people think: an unsecured network jack in a public area or an exposed server room is a cybersecurity problem too. If one company handles both, nothing falls between the cracks.

Back up like you'll actually need it

Ransomware makes backups your last line of defense — if they work:

  • Follow 3-2-1: three copies of your data, on two types of media, one of them off-site.
  • Automate it so it never depends on someone remembering.
  • Test a restore. A backup you've never restored from is a guess, not a safety net.
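
One way to run the restore test from the list above, as an added example (not RCR's own tooling): record a SHA-256 manifest when the backup runs, restore into a scratch folder, and compare. The folder names, sample files, and the copy step standing in for your backup tool's restore are all assumptions.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's relative path to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_restore(manifest: dict[str, str], restored_root: Path) -> dict[str, list[str]]:
    """Compare a restored tree against the manifest recorded at backup time."""
    restored = build_manifest(restored_root)
    common = manifest.keys() & restored.keys()
    return {
        "missing": sorted(manifest.keys() - restored.keys()),
        "corrupted": sorted(f for f in common if manifest[f] != restored[f]),
        "unexpected": sorted(restored.keys() - manifest.keys()),
    }


def demo(damage: bool = True) -> dict[str, list[str]]:
    """Run a restore drill on constructed sample files in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restore-test")
        (live / "finance").mkdir(parents=True)
        (live / "finance" / "invoices.csv").write_text("id,amount\n1001,250.00\n")
        (live / "customers.db").write_bytes(b"\x00constructed sample database\x00")
        (live / "notes.txt").write_text("constructed sample note\n")
        manifest = build_manifest(live)  # recorded when the backup job runs
        shutil.copytree(live, restored)  # stand-in for your backup tool's restore
        if damage:
            (restored / "notes.txt").unlink()  # file the backup never captured
            (restored / "customers.db").write_bytes(b"\x00constr")  # truncated copy
        return verify_restore(manifest, restored)


if __name__ == "__main__":
    report = demo()
    print(report)
    print("RESTORE OK" if not any(report.values()) else "RESTORE FAILED")
```

Store the manifest separately from the backup itself, so that whatever damages the backup cannot also alter the record you check it against.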

Train your people

Most breaches start with a click, not a hack:

  • Teach phishing awareness — how to spot a suspicious email, link, or payment-change request.
  • Verify money movement out of band (a quick phone call) before changing bank details or paying an unexpected invoice.
  • Limit access to only what each role needs, and remove access the day someone leaves.

Have a plan before you need one

  • Write down who to call and what to do if a device is compromised or data is locked.
  • Keep offline contact info for your IT provider and key vendors.
  • Know your obligations — New York's SHIELD Act requires reasonable safeguards for private information and breach notification.

Where RCR fits

We provide managed IT and network security alongside physical security, so the same accountable team handles your firewalls, backups, and monitoring as well as your cameras and access control. If you'd like a second set of eyes, a free site assessment includes a look at the network your security runs on.

FAQ

Related questions

We're a small shop — are we really a target?
Yes. Automated attacks don't care how big you are; they scan for the common gaps (no MFA, outdated software, weak backups). Small businesses are often hit precisely because those basics were skipped.

Do we need cybersecurity if we already have cameras and alarms?
They solve different problems. Cameras and alarms protect the physical building; cybersecurity protects your data, email, and network. Modern security systems are also network devices, so the two are connected — which is why we handle both.

What's the single most valuable thing we can do first?
Turn on multi-factor authentication everywhere, starting with email. It's low-cost and blocks the majority of account-takeover attacks that stem from stolen passwords.
