
What can SMBs do to enhance their cybersecurity?


Jun 14, 2023

Although organizations of all sizes are targeted by cyber criminals, small and medium-sized businesses (SMBs) have lately become a preferred target. One part of the issue SMBs face is a lack of resources. They often do not have the time, money, or dedicated personnel to ensure they stay ahead of these attacks.

However, another part of the issue is perception. Most SMBs do not see themselves as being at the same amount of risk as their enterprise counterparts due to their belief that their data is not as valuable, even though they can also be a foothold for attackers to acquire access further up the supply chain of larger organizations.

  1. Tighten Up Administrative Privileges

    SMBs have an advantage when it comes to the relatively small number of privileged accounts they must manage and audit. It is essential to make a routine practice of reviewing who has admin privileges and shutting down access for anyone who shouldn't have full permissions on these accounts.

  2. Avoid Underestimating Cloud Security

    Most SMBs spend a lot of time running many applications and services from the cloud, whether they're using software-as-a-service (SaaS), cloud infrastructure environments, or both. However, as an SMB, it is important to implement adequate controls and configurations, and you must have visibility into your accounts in order to mitigate the potential for account takeovers.

  3. Identify What You’re Unable to Do

    Take the initiative to speak to the Chief Information Officer (CIO) or head of IT operations at your company, if you have one, and identify the things you’re unable to do, whether due to time or resources. Items on that list may include risk assessments, penetration testing, forensics, a security operations center (SOC), and large-scale incident response.

  4. Ensure Your Company Has a Scaled Down, Flexible Incident Response Plan

    A far-from-ideal situation for SMBs is having an 80-page incident response plan that no one reads. Make your incident response plan digestible by including only a few sections and a notification chain. As you would in a larger firm, though, you should update it regularly, even if you only do so annually.

  5. Prioritize Patch Management

    An essential aspect of patch management is remaining on top of the next patch. Add this to your calendar as part of your weekly or monthly "maintenance" checklist. Pay close attention to notifications from vendors such as Microsoft and others to keep your systems up to date.

  6. Lock Down Access to VPNs

    When there is a smaller number of users, it is imperative to keep track of the various logins via VPN and to enable the service only for those with a business need. Ensure that as employees are hired or fired you update their access accordingly, and make this part of your setup and offboarding checklist.

  7. Avoid Playing Whack-a-Mole with Passwords

    Because SMBs have a smaller security and IT team, it is counterproductive to spend time performing password resets after lockouts have occurred. A bit of training will go a long way, so make sure you instruct your team on creating a long, unique password phrase that they'll remember, and establish a technical control for enforcement. In addition, set the password expiration for a longer period. If you are having trouble setting up a unique password, consider using a password manager.

  8. Clean Up Your Inbound and Outbound Traffic

    Depending on your industry, it might be challenging to monitor all inbound and outbound connections for an SMB staff. However, when the pool of users is smaller, it can be easier to lock down your traffic. For example, are you expecting to see inbound or outbound 135-139 port traffic? Ports 135-139 are typically used for client/server communication, browsing requests of NetBIOS over TCP/IP, and Common Internet File System (CIFS). Do you use SSH? FTP? If not, lock down those inbound/outbound services. Having a smaller pool of users will mean your operational needs are most likely more condensed, thus limiting your attack surface.
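
One way to answer the questions in item 8 from firewall logs, as an added example that is not part of the original post: the Python script below counts connections the firewall allowed on ports 135-139, SSH and FTP that have no declared business need. The log format, the IP addresses and the `ALLOWED` policy are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Services the post asks about: the 135-139 range, SSH and FTP.
WATCHED = {**{p: "netbios/rpc" for p in range(135, 140)}, 22: "ssh", 21: "ftp", 20: "ftp-data"}

# Assumption: the (direction, service) pairs this business has declared a need for.
ALLOWED = {("outbound", "ssh")}

# Assumed log format (constructed): "<time> <direction> <src>:<port> -> <dst>:<port> <action>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<dir>inbound|outbound) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) (?P<action>ALLOW|DENY)$"
)

# Constructed sample log using documentation and private address ranges.
SAMPLE_LOG = """\
2023-06-14T09:00:01Z outbound 10.0.0.12:50211 -> 203.0.113.7:443 ALLOW
2023-06-14T09:00:05Z inbound 198.51.100.23:41000 -> 10.0.0.5:139 ALLOW
2023-06-14T09:00:09Z outbound 10.0.0.12:50300 -> 203.0.113.9:22 ALLOW
2023-06-14T09:01:12Z inbound 198.51.100.23:41001 -> 10.0.0.5:135 ALLOW
2023-06-14T09:02:30Z outbound 10.0.0.31:50412 -> 192.0.2.44:21 ALLOW
2023-06-14T09:03:00Z inbound 198.51.100.80:39000 -> 10.0.0.5:22 DENY
this line is malformed and is counted, not silently dropped
"""

def unexpected_traffic(log_text, allowed=ALLOWED):
    """Return ({(direction, service, internal_host): count}, malformed_line_count)
    for firewall-allowed connections on watched ports with no declared need."""
    findings, malformed = defaultdict(int), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            malformed += 1
            continue
        service = WATCHED.get(int(m["dport"]))
        # Skip unwatched ports, traffic already blocked, and declared business needs.
        if service is None or m["action"] == "DENY" or (m["dir"], service) in allowed:
            continue
        internal = m["dst"] if m["dir"] == "inbound" else m["src"]
        findings[(m["dir"], service, internal)] += 1
    return dict(findings), malformed

if __name__ == "__main__":
    findings, malformed = unexpected_traffic(SAMPLE_LOG)
    for (direction, service, host), n in sorted(findings.items()):
        print(f"{direction:8} {service:12} internal host {host}: {n} allowed connection(s)")
    print(f"{malformed} malformed line(s) skipped")
```

Each finding is a candidate firewall rule to close, or a business need to add to `ALLOWED` once someone confirms it.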

As cybercrime becomes a more urgent matter, cybersecurity must follow. Take our assessment today to find out if managed security is right for your business.
