An occasional look at issues facing Wyoming business owners and entrepreneurs from
the Wyoming Small Business Development Center (SBDC) Network, a collection of business
assistance programs at the University of Wyoming.
By Paul Johnson, cybersecurity program manager, Wyoming SBDC Network
The holidays are far behind us and tax season is around the corner. This lull in the business calendar is a great time to check in on your business’s cyber readiness.
Cybersecurity is an ongoing function of any business, not simply a task to accomplish and forget. Keeping your organizational and customer data secure is vital to protecting not only your profits, but also your reputation and credibility.
Here are some basic tasks you can address to complete an internal cybersecurity audit. You likely won’t need an IT specialist for any of these areas and checking them off of your list will help ensure the cyber readiness of your company.
-- Review your administrative and personnel policies related to cyber readiness and amend or add information as needed. For example, is your password policy still appropriate? Does your termination procedure address shutting down access to systems? Does your onboarding include cybersecurity training?
-- Review your backup systems and redundancy policies. Are backups scheduled automatically; is access to cloud systems properly managed; and are any physical media locked and secured when not in use?
-- Evaluate the effectiveness of your antivirus software and ensure that all devices are set to automatically update software and have operating system protections activated. Determine whether your current antivirus software is still adequate or if there are better options available. Physically check auto-update and protection settings on all devices, including desktops, laptops, tablets, mobile phones and internet-enabled devices.
-- Evaluate other cyber protection measures in place, such as a password manager, an email/spam filter and a firewall. If those measures are not currently in place, research options and determine if now is an appropriate time to take such actions. If they are in place, ensure that they are updated and working properly.
-- Review access control for all users. Determine the level of access employees have to systems and software. Restrict staff access to systems and control levels that are appropriate to their needs and job functions.
-- Create a staff training plan for the upcoming year. Cyber readiness requires ongoing vigilance and education. More than 90 percent of cyberattacks are caused by human behavior, such as an employee clicking on a malicious link or falling for a phishing scam. Select a topic to focus on monthly and provide ongoing tips and training to address those topics.
Depending on the type of data your company maintains and the complexity of your systems, there may be other topics to include in your annual internal cybersecurity audit. The items listed above, though, are a great start to help your business be cyber ready and more resistant to online attacks and scams.
If you are unsure about how to proceed with an internal audit, reach out to the Wyoming SBDC Network. Our Cybersecurity for Small Business Program provides no-cost cybersecurity advising and training on all of the topics mentioned in this article and more.
The Wyoming SBDC Network offers no-cost advising and technical assistance to help Wyoming entrepreneurs think about, launch, grow, reinvent or exit their business. In 2025, the Wyoming SBDC Network helped Wyoming entrepreneurs start 42 new businesses; support 2,017 jobs; and bring a capital impact of $12.8 million to the state. The Wyoming SBDC Network is hosted by UW with state funds from the Wyoming Business Council and funded, in part, through a cooperative agreement with the U.S. Small Business Administration.
To ask a question, call 1-800-348-5194, email wsbdc@uwyo.edu or write Dept. 3922, 1000 E. University Ave., Laramie, WY 82071-3922.
For more information, go here.
All opinions, conclusions, and/or recommendations expressed herein are those of the author(s) and do not necessarily reflect the views of the SBA.
