If you have questions or would like additional guidance, don't hesitate to get in touch at Noteline or LinkedIn
<aside> <img src="/icons/bullseye_gray.svg" alt="/icons/bullseye_gray.svg" width="40px" />
Goal: Quickly identify the biggest reliability and security gaps in a small business environment, then produce a short, prioritized fix list.
</aside>
Aligned with modern security baselines (NIST, CIS, Microsoft Secure Score principles)
Doc Rev 1.2 - February 2026
Owner: *@JohnSmith ***Last Reviewed: February 11, 2026
| Score: | Action: | Note: | Severity: |
|---|---|---|---|
| Every user has their own account | No shared logins for email/admin tools | ||
| Admin accounts are separate | From daily use accounts | ||
| Offboarding process exists | Disable accounts, reclaim devices, revoke access | ||
| MFA is enabled | For email, VPN, finance tools, and admin portals | ||
| Password manager is used | Company managed vault, not browser only |
Notes go here
| Score: | Action: | Note: | Severity: |
|---|---|---|---|
| Device inventory exists | Laptops, desktops, phones, servers, network gear | ||
| OS updates enforced | Windows/macOS auto-update, reboot policy | ||
| Disk encryption enabled | BitLocker or FileVault | ||
| Endpoint protection present | (EDR/AV) and centrally visible | ||
| Local admin rights restricted | Exceptions documented |
Notes go here