Securing a small business is a challenging task. There are budget and resource constraints, and SMBs often don't get sound security advice. This creates a massive gap in their security planning, in their understanding of the threats, and in their ability to overcome the challenges.
Cyber attackers are aware of this lack of defense and attack SMBs mercilessly. Reports say that 77% of cybercrime targets small and medium businesses.
We have prepared a list of effective security checklists and best practices that will help aspiring small enterprises and startups get their security right and reduce cyber attacks.
Checklist #1 "Focus on implementing essential security hygiene"
SMBs have to work religiously to set up their basic security hygiene. Yes, due to budget and resource constraints, they might not be able to implement network security, application security, VAPT and cloud security all at once. But make sure you have a roadmap ready: understand your security requirements and work towards implementing the basic security hygiene first.
Checklist #2 "A secure VPN, MFA and unsaved passwords are a must for connecting to the corporate network"
All three components mentioned here are important. Set up a secure VPN, and make sure employees are trained not to simply save the password and re-use it by clicking a button. Make sure the VPN has multi-factor authentication enabled. If an employee laptop is compromised, these three simple steps will ensure that the compromise doesn't extend into your corporate network.
Checklist #3 “Distributed denial of service attacks (DDoS) are a reality regardless of company size. Protect yourself”
Distributed Denial of Service sounds like a very fancy attack. Many small and medium business (SMB) CISOs make the mistake of assuming that hackers will launch DDoS attacks only on enterprises. That is a wrong assumption. Remember that even if it were true, a small business compromise can give a hacker a way into the big businesses that use the SMB as a third party. It's fairly easy these days to protect yourself from DDoS. Ask your MSSP how.
Checklist #4 "An email security gateway is your first line of email defense"
A secure email gateway acts as a filter to ensure incoming email is checked for spam, malware and phishing attacks. Many SMBs rely on the email provider's default security to keep them safe. This is not advisable. Consider deploying a specialist email security gateway. While this is important, it is by no means sufficient: smart phishing attacks in particular can quite easily sneak past standard email security gateways.
Checklist #5 “Evaluate how prone your employees are to phishing attacks”
Hackers of all skill levels find ways to exploit employee unawareness. Phishing attacks range from amateurish attempts to highly sophisticated spear phishing attacks. Imagine an employee receiving a phishing email from the CEO's email ID, complete with the writing style of the CEO! It would take a well-educated employee to detect and avoid such an attack. Phishing simulation exercises are a must. They also give the other security awareness exercises you conduct the seriousness they require.
Checklist #6 “Signing up for a WAF is not enough”
Time and again we see companies that purchase a WAF service and think they are done protecting their application! A WAF is not magic, nor is it a complete solution. An application security assessment surfaces issues; a WAF should be configured to virtually patch those issues that are expected to take time to fix. Take expert support if needed to configure your WAF right. Also remember that a WAF doesn't eliminate the need to actually fix the vulnerabilities in your code or your infrastructure. A WAF is a quick fix, a band-aid, that's all. Use it wisely and only for the purpose it was designed to fulfil.
Checklist #7 "Be prepared for a smart chess game"
There seems to be a common perception that hackers go after enterprises more than SMBs. Why? Because it's supposedly not worth it to go after SMBs. But hackers like to conquer territory: the more territory they have under their control, the more their reach increases. The question is one of reach, not of direct benefit. In an age where hacking by compromising third parties is increasing rapidly, your SMB is, if nothing else, a vendor to some enterprise or other. Hackers are always on the lookout for ways to reach their ultimate targets, and they are patient. For hackers, it is a chess game. And if your SMB is not the king in that game, it could still be an important square on the chess board.
Are you ready for the forever war of security?
Security is a forever war. There is no respite from motivated, targeted and sophisticated cyber attacks. Continuous enhancement of security practices can help SMBs defend their assets better. With over 20 years of cyber security experience, we understand the challenges SMBs face in setting up their security fortress. We are here to help. Reach out to us for discussion, gap assessment and consultancy.