FREE RESOURCE
IT Security Checklist for Canadian Businesses
A practical, no-fluff checklist to help you assess where your business stands on cybersecurity basics.
Get a Free Expert Review
Most cybersecurity incidents don't come from sophisticated zero-day exploits, they come from basic gaps: reused passwords, missing multi-factor authentication, untested backups, or an unpatched server. Use this checklist to get an honest picture of where your business stands today.
Work through each section below. If you can't confidently check off an item, that's a good place to start improving your security posture, or a good question to bring to your IT provider.
✅ Identity & Access
- Multi-factor authentication (MFA) is enabled on all email and critical accounts
- Unique passwords are used for every account, with no reuse across systems
- A password manager is used company-wide rather than browser-saved passwords
- Former employee accounts are disabled immediately upon departure
- Admin privileges are limited to only those who genuinely need them
✅ Email & Phishing Defence
- Advanced spam and phishing filtering is enabled on your email platform
- SPF, DKIM, and DMARC records are correctly configured for your domain
- Staff have received phishing awareness training within the last 12 months
- A clear process exists for staff to report suspicious emails
✅ Devices & Endpoints
- All devices run modern endpoint detection and response (EDR), not just basic antivirus
- Operating systems and software are patched on a regular, defined schedule
- Company data cannot be accessed from personal devices without proper controls
- Lost or stolen devices can be remotely locked or wiped
✅ Backup & Recovery
- Backups run automatically and are verified to complete successfully
- At least one backup copy is stored off-site or in the cloud
- Backups have been test-restored within the last 12 months
- Microsoft 365 mailboxes and files are backed up independently of Microsoft's native retention
✅ Network & Infrastructure
- A business-grade firewall is in place and actively managed
- Guest WiFi is separated from your internal business network
- Remote access to your network requires MFA and is logged
- A vulnerability scan has been performed within the last 6 months
Want an Expert to Review Your Results?
Book a free, no-obligation security assessment and we'll walk through this checklist with you in detail.
Explore Cybersecurity ServicesContact Us