2026 IT & Cybersecurity Checklist

Essential security and IT best practices for small businesses in Bellingham & Whatcom County

Email & Identity Security

Multi-Factor Authentication (MFA) enabled on all email and admin accounts
DMARC, SPF, and DKIM properly configured for your domain
Advanced email security solution enabled (e.g. Huntress or Microsoft Defender)
Process in place to verify unusual payment or data requests by phone

Endpoint & Device Security

Modern endpoint protection with behavioral detection
Full disk encryption enabled on all company devices
All devices receive automatic security updates
Regular security awareness training with simulated phishing tests

Backup & Disaster Recovery

Automated daily cloud backups are running
Backups are immutable / stored offsite (ransomware resistant)
Backup restoration has been tested in the last 6 months
Documented disaster recovery plan exists

Compliance & Data Protection

HIPAA compliance measures in place (if applicable)
Data classification and handling procedures are documented
Data Loss Prevention (DLP) policies are configured
Business Associate Agreements (BAAs) are in place with relevant vendors
Regular compliance or security risk assessments are conducted

Vendor & Third-Party Risk

Security assessments completed for critical vendors
Access reviews performed for third-party accounts
Contracts include security and breach notification requirements
