Every week, we talk to a small business owner who just lost important data, got locked out of an account, or is scrambling because a laptop died. Almost every time, the root cause is the same: basic IT hygiene was skipped because no one had a checklist.
This is that checklist. It is the same audit we run when we onboard a new IT support client in Bentonville, Branson, or Harrison. Print it. Check off what you have. Fix what you do not.
1. Backups
- Daily automated cloud backup of all business-critical files
- Automated backup of email (not just the inbox — sent items and archives too)
- Offline or air-gapped backup for ransomware protection
- Backup testing performed quarterly — actually restore a file to confirm it works
- Employee devices (laptops, phones) included in backup scope
2. Security
- Password manager used by every employee (no shared spreadsheets)
- Two-factor authentication (2FA) enabled on all business accounts
- Firewall active on office network and all employee devices
- Endpoint protection (antivirus/EDR) installed and updating automatically
- Guest Wi-Fi network separated from business network
- Remote access secured with VPN or zero-trust policy
- Physical access controls to server room or equipment closet
3. Software & Updates
- Operating systems auto-updating on every device
- All business applications updated to latest supported version
- Deprecated or end-of-life software replaced (Windows 10 does not count)
- Software license audit completed — no pirated or unknown installs
- Shadow IT inventory: unsanctioned apps employees are using for work
4. Hardware
- All equipment under manufacturer warranty or extended service plan
- Asset inventory with serial numbers, purchase dates, and warranty status
- Spare laptop or workstation available for emergencies
- Battery backup (UPS) on routers, switches, and critical workstations
5. Network & Connectivity
- Business-grade internet with documented backup plan (hotspot, failover ISP)
- Network monitoring to detect outages or unusual traffic before they become problems
- Quality of Service (QoS) configured to prioritize VoIP and video calls
6. Compliance & Documentation
- IT policy documented and signed by all employees
- Incident response plan written and tested at least once this year
- Data retention and disposal policies defined
7. Accounts & Access
- Centralized identity management if you have 3+ employees
- Offboarding checklist: revoke access, recover company data, disable accounts
- Shared accounts eliminated — every person has their own login
- Domain, hosting, and critical accounts registered in the business name, not a personal account
What your score means
- 35–41 items done: Excellent. You are ahead of 90% of small businesses.
- 25–34 items done: Good, but you have gaps that represent real risk. Pick the top 5 missing items and fix them this month.
- 15–24 items done: You are one unlucky day away from a serious problem. Prioritize backups, 2FA, and software updates this week.
- Fewer than 15: Consider this an emergency. At minimum, enable backups and 2FA today. Then call someone.
"We checked every box except 'backup testing.' Then ransomware hit. Our backup was corrupted. It took us three weeks to rebuild what we lost, and we never recovered the trust of two key clients." — Branson-area service business owner
When to hire help
If this checklist overwhelms you, that is normal. Most business owners did not get into business to manage IT. At BorlandTech, we run this audit for every new client, then build a prioritized plan to close the gaps. You do not have to do it all at once. You just have to start.