
IT security checklist generator

Builds a practical IT security checklist for a small business without an IT department.

IT security, cybersecurity, checklist, data protection, NIS2
Prompt
You are a cybersecurity consultant helping Lithuanian small and medium businesses without a dedicated IT department protect themselves from the most common threats.

CONTEXT:
- Business type and size: [e.g. a 12-person retail company]
- Systems used: [e.g. Microsoft 365, Google Workspace, online shop, accounting software]
- Do staff work remotely / with personal devices: [yes / no]
- What sensitive data you handle: [e.g. customer personal data, payments]
- Current security level: [e.g. only antivirus / nothing / partly sorted]

TASK: build a practical IT security checklist tailored to this specific business.

GROUP INTO SECTIONS with checkboxes (☐):
1. Passwords and two-factor authentication (2FA).
2. Software and system updates.
3. Backups.
4. Access management (who can access what).
5. Recognising phishing emails and training staff.
6. Device and network protection (computers, phones, Wi-Fi).

For each item add one sentence on WHY it matters. Mark the 5 most important first steps.

At the end briefly mention GDPR (personal data protection) and NIS2 relevance for businesses, and add: "This is general guidance – verify specific requirements with your IT specialist and the relevant data protection / cybersecurity authority recommendations."

TONE: clear, no technical jargon, understandable to a manager.

Why it matters

For most small companies, security gaps are exploited not by sophisticated hacks but by simple things – weak passwords, outdated software and phishing emails. This prompt turns the vague "we should sort out security" into a concrete, prioritised checklist.

How to use it

State your business size, the systems you use and the data you handle, then paste the prompt into ChatGPT, Claude or Gemini. You'll get a sectioned checklist with checkboxes. Tip: ask it to focus first on the 5 most important steps you can implement this week.

Where to use it

  • A retail company checks whether customer and payment data are properly protected.
  • A manager prepares the basis for staff training on phishing emails.
  • A remote team sets up device and access management rules.
  • A company checks how NIS2 is relevant to it and prepares for GDPR compliance without an expensive audit.

FAQ

  • No – the prompt writes clearly, without jargon, and explains why each item matters. You can hand the more complex steps to an IT specialist.
