It’s smart any time of year to evaluate how safe your company is from cyber threats, but October’s Cybersecurity Awareness Month is a great reminder. It’s the perfect time for small business owners and employees to review best practices for boosting risk protection.

Cybersecurity Awareness Month was launched in 2004 by the U.S. Department of Homeland Security and the National Cybersecurity Alliance to empower individuals and businesses, helping them better protect themselves from cybercriminals.

Even as large-scale data breaches and cyberattacks continue to dominate headlines, “Cybersecurity Awareness Month reminds everyone that there are simple, effective ways to keep yourself safe online, protect your personal data, and ultimately help secure our world,” says the Alliance on its website.

This year’s campaign emphasizes “simple” ways to protect yourself and your business from online threats. “Small actions can make a big difference,” the nonprofit organization adds.

With that theme in mind, here’s an October cybersecurity checklist for small businesses that includes easy steps and priorities as shared by industry experts on how to keep your company, employees and customers from falling prey to cyber risks.

1. Protect Shared Documents from Hidden Threats 

Document sharing has become common practice in business, and this makes it a vulnerability for cybercriminals.

“Malicious links, phishing attempts, and even embedded malware can hide in seemingly innocent shared files,” the Alliance warns. “Through shared documents, criminals can steal your data, infect your system, or trick you into handing over sensitive information.”

Experts advise business owners and employees to use official sharing platforms with built-in protections, but also treat every document with caution.

“Don't open document links from someone you don't know or weren't expecting to hear from. When in doubt, delete the email.”

Common tactics include messages saying an invoice is overdue or that the attached document is confidential and “please do not share.”

“If something feels off, it probably is. Trust your gut. Delete the email or text,” advises the Cybersecurity Alliance.

2. Talk Cybersecurity with Your Vendors

Talking to your vendors, partners, and collaborators about cybersecurity protocol will help keep your company safer from outside threats, and also benefit the companies you do business with.

Just as you share best practices with employees, discussing the importance of cybersecurity with outside partners helps you build a culture of security.

“Your third-party vendors are part of your team even if you aren't officially coworkers,” says the Cybersecurity Alliance website. “Helping smaller vendors stay secure is about risk reduction, but it also assists with building resilient partnerships.”

3. Build Stronger Passwords, Not More Complicated Ones

Knowing how to create and store strong passwords remains a critical aspect of everyday cybersecurity.

Thinking has shifted over the years, away from the once-held thinking that a complex password equals a strong one.

Part of the change stems from the risks of storing complex passwords, as employees starting writing passwords on sticky notes or saving them in an insecure file on their desktops, according to Business.com Executive Editor Sharon Shea and former Senior Technology Editor Peter Loshin.

Now, according to the National Institute of Standards and Technology (NIST), it’s password length, not complexity, that is considered key to password strength. 

“Passphrases — the stringing together of a few words, such as kittEnsarEadorablE — are one method to make longer, easy-to-remember yet difficult-to-guess passwords that help defend against attackers who use dictionary attacks to target weak passwords,” says the Business.com article.

Advice still stands against reusing passwords — create a different password for each account or platform.

“If an attacker compromises one account that uses the same credentials as other accounts, the attacker can easily gain access to those other accounts,” says the Business.com post.

 “Attackers know that trying a reused password associated with a person's account on a breached system often unlocks other accounts. Password reuse is especially dangerous when employees use the same passwords for corporate and personal accounts.”

By taking these small but meaningful actions, your business can stay resilient all year long — not just during Cybersecurity Awareness Month.

Cybersecurity is an ongoing process. Once you’ve completed this checklist, continue strengthening your defenses with these related resources:

• Top Cyber Risks Facing Small Businesses in 2025
• 8 Cybersecurity Tips to Protect Your Business from a Data Breach
• How to Create a Cybersecurity Plan for Your Small Business