Running a cybersecurity audit sounds like something that requires a dedicated security team, a six-figure budget, and three months of planning.
It doesn’t.
If you’re a one-person IT department — at a nonprofit, a small business, or anywhere that expects you to do everything — you can run a meaningful security audit in a single afternoon. Not a perfect one. Not a SOC 2 certification. But a real, actionable assessment that identifies your biggest vulnerabilities and gives you a plan to fix them.
Here’s how to do it.
Why Solo IT Managers Skip Security Audits (and Why That’s Dangerous)
Let’s be honest about why this doesn’t happen:
- Time. You’re already underwater with daily operations. Adding a full audit feels impossible.
- Scope. Where do you even start? Network security? Endpoint protection? User access? Physical security? It’s overwhelming when you think about everything at once.
- Expertise. You know IT. You may not consider yourself a cybersecurity specialist. The imposter syndrome is real.
- Budget. External audits cost thousands. You don’t have thousands.
Here’s the thing: the organizations that get breached aren’t usually the ones with sophisticated attackers — they’re the ones that never looked. A basic security audit that actually happens is infinitely more valuable than a comprehensive audit that lives permanently on your to-do list.
The 4-Hour Cybersecurity Audit Framework
This framework is designed for reality — one person, limited time, no budget for external tools. You’ll cover the areas that matter most and walk away with a prioritized action plan.
Hour 1: User Access and Identity
This is where most breaches start. Someone who shouldn’t have access does, or someone who left still does.
What to check:
- Active accounts vs. current employees. Pull your Active Directory or identity provider user list. Compare it to your current employee roster. Every account that doesn’t match a current employee is a risk.
- Admin accounts. List every account with administrator or elevated privileges. If you can’t explain why each one needs admin access in one sentence, it’s a problem.
- MFA coverage. Which accounts have multi-factor authentication enabled? Which don’t? Every account without MFA is an open door.
- Password policy. When was the last time passwords were rotated? Is there a minimum complexity requirement? Are you using a password manager?
- Shared accounts. Any accounts used by multiple people? These are audit nightmares and security risks. Document them all.
AI prompt to speed this up:
Create a user access audit checklist for our organization. We use [IDENTITY SYSTEM — Active Directory, Google Workspace, Entra ID]. We have [X] employees. Include checks for: orphaned accounts, excessive privileges, MFA gaps, shared credentials, service accounts, and vendor/contractor access. Prioritize by risk level.
This prompt generates a customized checklist in about 30 seconds. You’ll spend the rest of the hour actually running through it.
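The account-versus-roster comparison from the checklist above can be scripted against two CSV exports. This is an added example, not part of the original article; the column names and the sample data are constructed assumptions, so rename them to match what your identity system exports.

```python
import csv
import io

# Constructed sample data: an identity-provider export and an HR roster.
# Column names are assumptions; rename them to match your own export.
IDP_EXPORT = """email,enabled,is_admin,mfa_enabled,account_type
alice@example.org,true,true,true,user
bob@example.org,true,false,false,user
carol@example.org,true,true,false,user
dave@example.org,true,false,true,user
frontdesk@example.org,true,false,false,shared
svc-backup@example.org,true,true,false,service
erin@example.org,false,false,false,user
"""
ROSTER = """email
alice@example.org
bob@example.org
carol@example.org
"""

def _flag(value):
    return value.strip().lower() in ("true", "yes", "1")

def audit_accounts(idp_csv, roster_csv):
    """Return findings keyed by the Hour 1 checks."""
    roster = {r["email"].strip().lower() for r in csv.DictReader(io.StringIO(roster_csv))}
    findings = {"orphaned": [], "admins": [], "no_mfa": [], "shared": [], "service": []}
    for row in csv.DictReader(io.StringIO(idp_csv)):
        email = row["email"].strip().lower()
        if not _flag(row["enabled"]):
            continue  # disabled accounts cannot sign in; skip them
        kind = row["account_type"].strip().lower()
        if kind == "shared":
            findings["shared"].append(email)    # used by several people: document it
        elif kind == "service":
            findings["service"].append(email)   # needs a named owner
        elif email not in roster:
            findings["orphaned"].append(email)  # enabled, but nobody on the roster
        if _flag(row["is_admin"]):
            findings["admins"].append(email)    # each needs a one-sentence justification
        if not _flag(row["mfa_enabled"]):
            findings["no_mfa"].append(email)
    return findings

if __name__ == "__main__":
    for check, accounts in audit_accounts(IDP_EXPORT, ROSTER).items():
        print(f"{check}: {', '.join(accounts) or 'none'}")
```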
Hour 2: Endpoint and Network Security
Now you’re looking at the devices and the network that connects them.
What to check:
- Patching status. How many devices are behind on OS updates? On application updates? Your RMM (remote monitoring and management) tool should tell you this instantly. If it can’t, that’s finding number one.
- Endpoint protection. Is every device running current antivirus/EDR? Any devices that slipped through?
- Firewall rules. When was the last time you reviewed your firewall rules? Are there any “temporary” rules from three years ago that are still active?
- Wi-Fi security. Guest network isolated from production? WPA3 or at minimum WPA2-Enterprise? Default credentials changed on access points?
- Remote access. VPN configurations current? Any open RDP ports? (If yes, close them. Today.)
- Encryption. Are all laptops encrypted (BitLocker/FileVault)? What about USB drives? Mobile devices?
AI prompt for network assessment:
Analyze our network security posture. We have: [DESCRIBE YOUR SETUP — number of sites, network equipment, remote workers, cloud services]. Identify the most common vulnerabilities for this type of environment and create a prioritized checklist. Focus on high-impact, low-cost fixes first. We’re a [NONPROFIT/SMB] with limited security budget.
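The firewall and remote-access checks above can be run over an exported rule list. This is an added example, not part of the original article; the CSV columns, the rule names and the 90-day threshold for "temporary" rules are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample: a firewall rule export. Column names are assumptions;
# map them to whatever your firewall's export actually produces.
RULES = """name,direction,action,source,dest_port,created,comment
allow-web,in,allow,any,443,2021-03-01,public website
rdp-from-anywhere,in,allow,any,3389,2020-06-15,temporary for vendor
rdp-from-vpn,in,allow,10.8.0.0/24,3389,2023-01-10,admin access over VPN
temp-ftp,in,allow,203.0.113.7,21,2021-02-01,TEMP migration
allow-all-out,out,allow,any,any,2019-05-05,default
old-block,in,deny,any,23,2018-01-01,block telnet
"""

ANY_SOURCE = {"any", "0.0.0.0/0", "*"}

def review_rules(rules_csv, today, max_temp_age_days=90):
    """Return (rule name, reason) pairs for inbound allow rules worth a second look."""
    findings = []
    for rule in csv.DictReader(io.StringIO(rules_csv)):
        if rule["direction"] != "in" or rule["action"] != "allow":
            continue  # only inbound allow rules expose a service
        open_source = rule["source"].strip().lower() in ANY_SOURCE
        port = rule["dest_port"].strip().lower()
        # RDP listens on TCP 3389; an any-port rule exposes it as well.
        if open_source and port in ("3389", "any"):
            findings.append((rule["name"], "RDP reachable from any source"))
        age = (today - date.fromisoformat(rule["created"])).days
        if "temp" in rule["comment"].lower() and age > max_temp_age_days:
            findings.append((rule["name"], f"'temporary' rule is {age} days old"))
    return findings

if __name__ == "__main__":
    for name, reason in review_rules(RULES, date.today()):
        print(f"{name}: {reason}")
```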
Hour 3: Data Protection and Backup
If everything else fails, backups are your last line of defense. This hour is about making sure that line actually holds.
What to check:
- Backup coverage. Is everything critical being backed up? Not just servers — cloud data (Microsoft 365, Google Workspace), databases, configuration files.
- Backup testing. When was the last time you actually restored from backup? If the answer is “never” or “I don’t remember,” schedule a test this week.
- 3-2-1 rule compliance. Three copies of data, two different storage types, one offsite. Are you actually doing this?
- Retention policy. How far back can you restore? Is it far enough for ransomware recovery (where the infection might have been sitting for weeks)?
- Data classification. Do you know where your sensitive data lives? Donor PII, client records, employee HR data, financial information? If you don’t know where it is, you can’t protect it.
AI prompt for backup audit:
Create a backup and disaster recovery audit for our organization. Current backup solution: [DESCRIBE]. We need to protect: [LIST CRITICAL SYSTEMS AND DATA]. Evaluate our setup against the 3-2-1 backup rule. Include: recovery time objectives (RTO), recovery point objectives (RPO), and a test schedule. Flag any gaps between our current state and minimum acceptable protection.
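The 3-2-1, retention and restore-test checks above can be evaluated per dataset once the backup inventory is written down. This is an added example, not part of the original article; the inventory, the 30-day retention minimum and the one-year restore-test window are constructed assumptions to adjust to your own recovery targets.

```python
from datetime import date

# Constructed sample inventory. Each copy is (location, storage type, offsite),
# where offsite means stored away from the primary copy's location.
BACKUPS = {
    "file-server": {
        "copies": [("production", "disk", False), ("nas", "disk", False),
                   ("cloud", "object", True)],
        "retention_days": 90, "last_restore_test": date(2024, 3, 1)},
    "microsoft-365": {
        "copies": [("production", "saas", False)],
        "retention_days": 30, "last_restore_test": None},
    "finance-db": {
        "copies": [("production", "disk", False), ("nas", "disk", False),
                   ("usb", "disk", False)],
        "retention_days": 14, "last_restore_test": date(2022, 11, 20)},
}

def check_backups(inventory, today, min_retention_days=30, max_test_age_days=365):
    """Return {dataset: [gaps]}; an empty list means every check passed."""
    report = {}
    for name, backup in inventory.items():
        gaps = []
        copies = backup["copies"]
        if len(copies) < 3:
            gaps.append(f"{len(copies)} of 3 required copies")
        if len({media for _, media, _ in copies}) < 2:
            gaps.append("all copies on one storage type")
        if not any(offsite for _, _, offsite in copies):
            gaps.append("no offsite copy")
        if backup["retention_days"] < min_retention_days:
            gaps.append(f"retention is {backup['retention_days']} days")
        tested = backup["last_restore_test"]
        if tested is None:
            gaps.append("restore never tested")
        elif (today - tested).days > max_test_age_days:
            gaps.append(f"last restore test was {tested.isoformat()}")
        report[name] = gaps
    return report

if __name__ == "__main__":
    for dataset, gaps in check_backups(BACKUPS, date.today()).items():
        print(f"{dataset}: {'; '.join(gaps) or 'OK'}")
```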
Hour 4: Policies, Training, and Documentation
The human layer. This is where most security incidents actually originate.
What to check:
- Security awareness training. When was the last training? Is it annual? Does it include phishing simulation?
- Acceptable use policy. Does one exist? Has anyone read it in the last year?
- Incident response plan. If you got breached right now, do you know exactly who to call and what to do? Is it written down?
- Vendor security. Have you reviewed the security practices of your critical vendors? Do they have SOC 2 or equivalent certifications?
- Physical security. Server room locked? Visitor policies enforced? Clean desk policy?
AI prompt for policy gap analysis:
Review our current IT security policies and identify gaps. We currently have: [LIST EXISTING POLICIES]. We’re a [TYPE OF ORG] with [X] employees handling [TYPES OF SENSITIVE DATA]. Compare against common compliance frameworks (NIST CSF, CIS Controls) and tell me what we’re missing. Prioritize by risk — what could actually hurt us vs. what’s nice to have.
Turning Findings Into Action
After four hours, you’ll have a list of findings. Some will be easy fixes. Some will require budget. Some will require organizational change. Here’s how to prioritize:
Fix immediately (this week):
- Disable orphaned accounts
- Close open RDP ports
- Enable MFA on remaining accounts
- Update critical patches
Fix soon (this month):
- Implement missing backup coverage
- Update or create incident response plan
- Schedule backup restore test
- Review and update firewall rules
Plan for (this quarter):
- Security awareness training
- Data classification project
- Vendor security review
- Policy updates
The Prompt Library Advantage
Every AI prompt in this article is designed to save you time during the audit itself. But the real value of a curated prompt library is what happens after — when you’re writing the remediation plan, drafting the board update about your findings, creating the training materials for staff, or building the policies you identified as missing.
A well-structured prompt turns a 3-hour writing task into a 20-minute review task. When you’re the entire IT department, that difference matters.
If you want a head start, our free AI prompt sample includes security audit prompts along with prompts for documentation, vendor management, and more — built specifically for IT managers who are doing it all.
Ready for the complete library? The full IT Manager’s AI Prompt Pack covers 150+ prompts across 10 categories.
Running IT solo is hard. Running it without documentation, without tested backups, and without a security baseline is dangerous. Four hours of audit work today could save you from a much worse day down the road.



