This document discusses best practices for securing small and medium-sized businesses (SMBs) in today's evolving cyber threat landscape. It covers the increased risks SMBs face from remote work, underestimating threats, and using insecure password practices. The document advocates for moving beyond passwords to using strong multi-factor authentication (MFA) like security keys, which are phishing-resistant and proven to stop account takeovers. It provides guidance on how SMBs can get started with security keys by leveraging their ease of use, security, reliability, and affordability compared to other MFA options.