You don’t need a $10,000 penetration test to know if your Phoenix business is a sitting duck for cybercriminals. Grab a coffee, spend five minutes answering these questions honestly, and you’ll know exactly where you stand. If you answer “no” or “I don’t know” to any of them, you’ve got work to do, but the good news is most of these fixes are faster and cheaper than you think.
Question 1: Does Every Employee Use Multi-Factor Authentication on Email?
Let’s start with the big one. Multi-factor authentication (MFA), that annoying extra code you get via text or app, blocks 99.9% of automated attacks even when passwords are stolen. That’s not marketing hype; that’s data from Microsoft’s analysis of billions of login attempts.
Check right now:
- Microsoft 365 users: Admin center → Users → Active users → Multi-factor authentication status
- Google Workspace users: Admin console → Security → 2-Step Verification
What you should see: “Enforced” or “Enabled” for every single person. No exceptions, no “I’ll do it later,” no “but I have a strong password.”
If MFA isn’t enabled everywhere: You’re one phishing email away from someone accessing your entire business email, client data, financial records, everything. We see this constantly in Phoenix: dental practices, real estate offices, accounting firms who “meant to turn it on” but never did.
How to fix it:
- Time required: 30 minutes
- Cost: FREE (included in Microsoft 365 Business and Google Workspace)
- Follow the setup wizard in your admin console and require it for all users
No excuses here. This is table stakes for security in 2026.

Question 2: Are Your Backups Stored Somewhere OTHER Than Your Office?
Pop quiz: Where does your backup data physically exist? If the answer is “external hard drive plugged into our server” or “network drive in the back room,” you have a disaster waiting to happen.
Ransomware doesn’t just encrypt your computers; it encrypts everything those computers can reach, including local backups. When the attack happens (and statistically speaking, it will), you’ll discover your backup and your live data are both encrypted. Game over.
Unsafe backup locations:
- External hard drive connected to your computer or server
- Network-attached storage (NAS) that employees can access directly
- That second computer in the corner running backup software
- “The cloud” (which cloud? be specific)
Safe backup locations:
- Cloud backup service with immutable storage (ransomware can’t delete it even if it tries)
- Offsite backup with the 3-2-1 rule: 3 copies of data, 2 different storage types, 1 completely offsite
- Backup service where computers write data but can’t read or delete it
Real story from Phoenix: We inherited a dental practice last year whose previous IT provider had set up backups to an external drive. Ransomware hit, encrypted the server and the backup drive simultaneously. They lost six months of patient records. Recovery cost: $18,000. A $75/month cloud backup would have saved everything.
How to fix it:
- Time required: 2-4 hours for initial setup
- Cost: $50-150/month for small businesses (5-10 users)
- Work with your IT provider to implement proper cloud backup with immutable storage
Question 3: Are You Still Running Windows 10 or Older?
Here’s an uncomfortable truth: Microsoft ended support for Windows 10 on October 14, 2025. That means no more security updates. Every vulnerability discovered from that point forward stays exploitable forever, and hackers specifically target end-of-life systems because they know patches aren’t coming.
Check right now:
- Press Windows key + R
- Type “winver” and press Enter
- You should see “Windows 11” with version 21H2 or newer
If you see “Windows 10” or older, you’re operating on borrowed time. Insurance companies are already starting to deny cyber liability claims for breaches on unsupported systems. Good luck explaining to clients that you knew you were running outdated software when their data got compromised.
How to fix it:
- Check if your current computers support Windows 11 (most 2019+ models do)
- Compatible computers can upgrade for free if you have valid Windows 10 licenses
- Older computers (typically 4+ years) need replacement
- Time required: 2-3 hours per computer for upgrades; 1-2 months for replacement procurement
- Cost: Free for upgrades; $700-1,200 per computer for replacements
Don’t delay this. Running unsupported operating systems is like driving without insurance: maybe nothing happens, but when it does, you’re financially destroyed.
Question 4: Do You Have EDR or Just Basic Antivirus?
Traditional antivirus works like this: it has a list of known bad stuff and blocks it. Endpoint Detection and Response (EDR) works differently: it watches for suspicious behavior and stops things that act like threats even if they’ve never been seen before.
That’s the difference between catching yesterday’s ransomware and catching tomorrow’s.
Check what you’re running:
Basic antivirus (NOT enough in 2026):
- Windows Defender by itself
- Norton, McAfee, AVG, Avast (consumer-grade)
- Anything you bought at Best Buy
EDR/XDR (what you actually need):
- Microsoft Defender for Business/Endpoint
- SentinelOne
- CrowdStrike
- Avanan XDR
- Managed EDR through your MSP
If you answered “I don’t know what we have,” that’s a no.
For Phoenix businesses handling HIPAA-regulated data (medical practices, attorneys, accountants dealing with health records), EDR isn’t optional; it’s required for most cyber insurance policies and is becoming standard for HIPAA IT compliance audits.
How to fix it:
- Work with your IT provider to deploy EDR across all computers
- At USTech.Ninja, EDR + XDR + anti-phishing + vulnerability scanning is included in our standard managed services ($65-85/user/month)
- Time required: 2-4 hours for deployment
- Cost: $5-15/user/month standalone, or included in comprehensive managed services

Question 5: When Did Someone Last TEST Your Backup (Not Just Check That It “Completed”)?
Backup software is excellent at reporting “success” while actually backing up corrupted files, incomplete data, or nothing useful at all. The only way to know your backup works is to restore files and verify they open correctly.
The test:
Can you show documented proof of a successful test restore in the last 30 days? Not “backup completed successfully,” but actual evidence that someone restored files and confirmed they work?
What good looks like:
- Monthly test restores of random files/folders
- Documentation with screenshots showing restored files opened successfully
- Verification that critical applications (QuickBooks, dental practice management software, etc.) restore correctly
- Annual full disaster recovery simulation
If the answer is “we assume it’s working” or “our IT person says it’s fine,” that’s a no.
How to fix it:
- Schedule monthly test restores (1 hour per month)
- Document results every time with screenshots
- Rotate what you test; don’t just restore the same folder every month
- Time required: 1 hour monthly (ongoing)
- Cost: FREE, just requires discipline
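One way to turn the monthly test restore into a documented, repeatable check (an added example, not part of the original article): it hashes a random sample of live files against their restored copies and returns a report you can save as evidence. The function names, folder names and sample files are hypothetical, and it assumes the live files have not changed since the backup ran.

```python
import hashlib, json, random, tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def verify_restore(source_dir, restored_dir, sample_size=25):
    """Hash a random sample of live files against their restored copies."""
    source_dir, restored_dir = Path(source_dir), Path(restored_dir)
    files = sorted(p.relative_to(source_dir)
                   for p in source_dir.rglob("*") if p.is_file())
    # A fresh random sample each run rotates what gets tested month to month.
    sample = random.sample(files, min(sample_size, len(files)))
    results = {}
    for rel in sample:
        live, restored = source_dir / rel, restored_dir / rel
        if not restored.is_file():
            status = "MISSING"          # backup "succeeded" but file is absent
        elif restored.stat().st_size == 0 and live.stat().st_size > 0:
            status = "EMPTY"            # restored as a zero-byte placeholder
        elif sha256_of(restored) != sha256_of(live):
            status = "MISMATCH"         # contents differ: corruption or drift
        else:
            status = "OK"
        results[rel.as_posix()] = status
    return {"tested_at": datetime.now(timezone.utc).isoformat(),
            "files_sampled": len(results),
            "failures": sorted(f for f, s in results.items() if s != "OK"),
            "results": results}

def demo():
    """Constructed sample data: the 'restore' loses one file and damages two."""
    names = ("ledger.qbw", "chart.pdf", "notes.txt", "scan.tif")
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "live"), Path(tmp, "restored")
        for root in (src, dst):
            root.mkdir()
            for name in names:
                (root / name).write_bytes(b"contents of " + name.encode())
        (dst / "chart.pdf").unlink()                # never restored
        (dst / "notes.txt").write_bytes(b"")        # restored empty
        (dst / "scan.tif").write_bytes(b"garbage")  # silently corrupted
        return verify_restore(src, dst, sample_size=10)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A file edited after the backup ran will also report MISMATCH, so check those by hand, and still open the critical application files, since a matching hash does not prove the application can load its data.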
The Cyber Insurance Reality Check
Here’s something most Phoenix small businesses don’t realize: if you answered “no” to multiple questions above, you probably can’t qualify for cyber insurance, or you’ll pay 3-5x normal premiums.
Insurance carriers now require:
- Multi-factor authentication on all accounts
- EDR/endpoint protection
- Tested backups with offsite/immutable storage
- Supported operating systems
- Security awareness training
Without these, you’re uninsurable, which means you’re self-insuring against $50,000-250,000 breach costs. That’s a hell of a bet.
“We’re Too Small to Be Targeted”
No, you’re not. Here’s why criminals love small businesses:
- 43% of cyberattacks target small businesses
- 60% of small businesses close within 6 months of a cyberattack
- Average cost of a breach for small business: $25,000-50,000
- Ransomware gangs specifically target small businesses because you’re less protected
Cybercriminals don’t care about your revenue. They care that you’re an easy target. Every “no” answer above is a neon sign saying “vulnerable here.”
We see this pattern constantly in Phoenix with dental practices, real estate offices, and small professional services firms. They assume they’re too small to matter, until ransomware locks their patient records three days before a major audit.
What Proper Security Actually Costs
Let’s talk numbers for a 5-person Phoenix business:
- Managed services with EDR/XDR/monitoring: $325-425/month ($65-85 per user)
- Microsoft 365 Business Premium (includes MFA, advanced security): $110/month ($22/user)
- Cloud backup with immutable storage: $75/month
- Total: $510-610/month or $6,120-7,320/year
Compare that to:
- One ransomware attack: $25,000+ plus weeks of downtime
- One data breach: permanent loss of clients and reputation
- HIPAA violation fine: $50,000+ for a small practice
Security isn’t an expense. It’s the cheapest insurance you’ll ever buy.
Your Security Score
5/5 “Yes” answers: Solid baseline security. Consider adding security awareness training and dark web monitoring for complete protection.
3-4 “Yes” answers: Better than average but exploitable. Prioritize fixes in the next 30 days.
1-2 “Yes” answers: Prime target. Cybercriminals scan for exactly these weaknesses. Address immediately.
0 “Yes” answers: It’s not if you’ll be breached, but when. Stop reading and get help today.
Start Right Now
Pick one item and fix it this week:
- Easiest/fastest: Enable MFA (30 minutes, free)
- Biggest impact: Add EDR through your IT provider (2 hours, ~$10/user/month)
- Most critical: Test your backups (1 hour, free)
Then fix another next week. Security is a process, not a one-time project.
Research shows that even small actions (upgrading passwords, training staff, or adding basic monitoring) can prevent 90% of security incidents. You don’t need perfection. You need progress.
Get a Professional Assessment
At USTech.Ninja, we built our business around Phoenix small businesses (1-20 users) who deserve enterprise-grade security without enterprise prices. Our standard managed services include EDR, XDR, anti-phishing, vulnerability scanning, security training, and monthly backup testing, all included in $65-85/user/month.
Want to know where you stand? Schedule a free 30-minute security assessment. We’ll go through this checklist with you, identify your biggest risks, and give you a prioritized action plan, with no obligation and no sales pressure.
Because small businesses deserve the same ransomware protection, HIPAA IT compliance support, and proactive security that Fortune 500 companies get, just at prices that actually make sense for a Phoenix dental practice, real estate office, or professional services firm.





