A Simple Security Baseline for Small Businesses

Many small businesses feel stuck between "do nothing" and "enterprise security." The good news: a small number of simple practices can dramatically reduce your risk without turning you into a full-time security team.

1. Protect your business email first

Business email is often where invoices, approvals, and sensitive client details live. It's also the key to resetting passwords on many systems.

  • Use a business-grade email platform (Google Workspace, Microsoft 365, etc.)
  • Require unique passwords for each mailbox
  • Turn on MFA/2FA for everyone, especially owners and finance staff

2. Stop password reuse across the company

Reused passwords are how one leak turns into a business-wide incident.

  • Use a password manager to store logins for staff
  • Avoid sharing a single password in plain text (email, chat, sticky notes)
  • For shared logins, store them in a shared vault instead of giving everyone the raw password

3. Turn on MFA for your most important systems

You don't have to enable MFA on every small tool on day one. Focus on systems that could really hurt if compromised:

  • Email platform and admin accounts
  • Banking and payroll
  • Remote access tools, VPNs, and RMM solutions
  • Core line-of-business apps (CRM, practice management, booking, etc.)

4. Keep basic device hygiene

  • Make sure laptops and desktops have automatic updates enabled
  • Use reputable endpoint protection (antivirus/EDR) from your MSP or vendor
  • Require a PIN or password to unlock computers and phones
  • Encrypt business laptops where possible, especially for remote staff

5. Backups: your "get out of jail" card

Ransomware and accidental deletions happen. A good backup turns a crisis into an inconvenience.

  • Back up critical data automatically (cloud storage or backup service)
  • Test restores occasionally to make sure backups actually work
  • Ensure at least one copy is offsite or logically separated from the main system

6. Train people on one page, not a textbook

Most staff don't need a 40-page policy—they need a one-page "how we do things here."

  • Explain how to spot suspicious emails
  • Tell them exactly who to contact if something looks wrong
  • Make it clear they won't be punished for asking for help

7. Use breach reports as a simple risk snapshot

Tools like EmailBreachGuard can show which staff emails have appeared in breaches. That gives you a concrete starting point:

  • Who needs a password change?
  • Where is MFA missing?
  • Which accounts are tied to old or unused services?
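An added example (not part of this article and not EmailBreachGuard's own code) of how a breach report can be turned into the three lists above: it joins constructed breach findings with a constructed account inventory and only flags a password change when the leak is newer than the last reset.

```python
# Added example, not from the original article or EmailBreachGuard:
# turns a breach report plus a small account inventory into the three
# triage lists the article describes. All data below is constructed.
from datetime import date

# Constructed breach-report rows: (email, breached service, breach date, leaked data classes)
BREACH_REPORT = [
    ("anna@example.com", "oldforum", date(2019, 3, 2), {"emails", "passwords"}),
    ("ben@example.com", "invoicing-app", date(2024, 8, 14), {"emails", "passwords"}),
    ("ben@example.com", "newsletter", date(2021, 1, 5), {"emails"}),
    ("cara@example.com", "legacy-crm", date(2023, 6, 30), {"emails", "passwords", "phone"}),
]

# Constructed account inventory: email -> (MFA on?, last password change, services still in use)
INVENTORY = {
    "anna@example.com": (True, date(2022, 5, 1), {"mail", "crm"}),
    "ben@example.com": (False, date(2023, 2, 10), {"mail", "invoicing-app"}),
    "cara@example.com": (False, date(2023, 1, 1), {"mail", "crm"}),
}

def triage(report, inventory):
    """Return three sorted lists: password changes, MFA gaps, stale services."""
    needs_password, missing_mfa, stale = set(), set(), set()
    for email, service, when, classes in report:
        # Unknown accounts are treated as worst case: no MFA, never reset, no active services.
        mfa_on, pw_changed, active = inventory.get(email, (False, date.min, set()))
        # A leaked password only matters if the breach is newer than the last reset.
        if "passwords" in classes and when > pw_changed:
            needs_password.add(email)
        # Any breached mailbox still running without MFA is a priority.
        if not mfa_on:
            missing_mfa.add(email)
        # A breach on a service nobody uses any more: close that old account.
        if service not in active:
            stale.add((email, service))
    return sorted(needs_password), sorted(missing_mfa), sorted(stale)

if __name__ == "__main__":
    pw, mfa, old = triage(BREACH_REPORT, INVENTORY)
    print("Password change:", pw)
    print("MFA missing:", mfa)
    print("Old/unused services:", old)
```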

The bottom line

You don't need a huge security budget to meaningfully reduce risk. If you:

  • Secure email and stop password reuse
  • Turn on MFA for key systems
  • Keep devices updated and backed up
  • Use breach checks to catch issues early

…you're already far ahead of many small businesses.

Want a simple way to see which staff emails have appeared in breaches?

Run a breach check with EmailBreachGuard →