A Practical Priority List to Improve Your Business Security

If you’re not dealing with a major issue or active breach right now, this is a practical way to improve security without overhauling your entire IT setup.  It’s designed for businesses that know security needs attention but haven’t made it a focus yet. Maybe it hasn’t been urgent, or maybe it’s unclear where to start.

This approach lets you chip away at security improvements while keeping your business running.

1. Get a Clear Picture of Where You Stand

Start by figuring out what protections are already in place and where the gaps are.

• Ask your IT team or MSP for a security audit
• Use Microsoft Secure Score if you’re using Microsoft 365
• Review your cyber insurance renewal checklist — it usually reflects industry expectations

This gives you a realistic baseline to work from.

Don’t skip the formal audit  

Many businesses skip this step because they don’t know what to ask for, worry they won’t understand the results, or assume a free assessment comes with strings attached. Horizon offers a range of no-cost scans that are easy to run and come with clear explanations. These assessments can provide a solid starting point and help you see where you stand

2. Address the High-Risk Gaps that Have Simple Fixes

Every business has a few issues that are potential sources of risk but are relatively easy to fix.

• MFA isn’t turned on for everyone
• Admin access is too widely shared
• Staff reuse passwords or use weak ones

Fixing these doesn’t require major changes and it quickly reduces your exposure.

3. Secure Access and Devices

Make sure your team’s devices and connections are protected.

• Encrypt laptops and phones and enable remote wipe
• Set expectations for remote work and personal devices
• Use endpoint protection and keep it updated

This is especially important for hybrid teams or anyone who works outside the office.

4. Get Visibility and Alerts

Add basic monitoring so you know what’s happening day to day.

• Use built-in Microsoft 365 alerts for login attempts and file changes
• Ensure alerts are reviewed by someone in-house or through your IT partner

Even minimal alerting can flag issues before they cause real damage.

5. Protect Your Data

Know where your business-critical data lives and who can touch it.

• Check access on shared drives and cloud platforms
• Shift to role-based access control
• Confirm that backups are running and that you can restore from them

This step protects your ability to operate and recover quickly.

6. Set Direction with Policy and Leadership

Security isn’t just a technical task, it’s a business responsibility.

• Create a basic security policy or update the one you have
• Make sure everyone knows what to do when something looks suspicious
• Decide who’s responsible for staying on top of security, even if that’s your MSP

This is also a good time to make sure your team has reliable help when they need it.

7. Choose How You’ll Keep Progressing

You don’t need to do everything at once. What matters is having a plan and sticking to it.

• Review security quarterly as part of regular business planning
• Use this Business Security Checklist to track what you’ve already covered and what’s still left to do.
• Or work with an MSP that delivers ongoing protection as part of a managed platform

If you’re short on time or don’t have in-house expertise, managed IT may be the fastest path to getting the basics in place.

Need a second set of eyes? Horizon works with businesses in Saskatoon, Regina, Winnipeg, Edmonton, Calgary, and everywhere in between.  We review where you’re at and help you build a path forward – whether that’s a small fix or a fully managed plan.

Get in touch with us to start.