There are three critical security controls that all small businesses should implement if they are just starting to address security. These are:

  1. Keep your systems up to date by applying all security updates
  2. Make sure you have daily backups of all critical data and be sure to test the ability to restore from the backups
  3. Users should not be local administrators on their computers, if that is not achievable, require the use of multi-factor-authentication for all systems and applications

For small companies that have already addressed the above controls take a look at Australia’s Essential Eight Maturity Model.