Stronger Security for Small Business
Attackers target companies of all sizes; no matter how obscure you think you may be, you should expect to be eventually attacked. Big companies devote lots of money and staff to fighting attacks—and even then, breaches still occur far too often. Small to medium-size businesses (SMBs) face a tougher challenge. Your security budget is tiny by comparison. As for the security “team”—well, often it’s just one or two people on the battle line. Because you must do more with less, it’s crucial to be smart about defensive choices and focus on what matters most.
As a small business you don’t have the time or money to sift through all of the security industries resources to solve this challenge, so you need to focus on the most likely threats.
At SafeHack UK we recommend going for the quick wins. These will shut down a huge percentage of potential attacks against your network.
Whitelist Applications. You can use group policy software restriction or a third party networking application that will only allow launching of approved applications. This limits the risks caused by users downloading a Trojan or other malware.
Patch quickly. Apply system and application patches to critical systems as soon as possible to eliminate possible attacks. Big software companies (Microsoft, Oracle, Java etc.) have a lot more resource to devote to securing systems than a small business, so trust in their expertise and patch regularly.
Control who has administrative privileges. A simple but obvious…Make sure you know who has admin rights and lock it down as much as possible. Do finance really need to be a domain admin to run that report?…I suspect not, spend the time to create proper user control and ignore the complaints. Try to operate on a rule of least privilege, not only will this minimise the risk of an external threat maliciously gaining admin rights through a user but can prevent accidental and intentional issues caused by a user.
Third party checks. With the best intentions anybody can make a mistake, miss a patch, leave a port open or miss configure a firewall. For this reason it is essential to get a second pair of eyes to check your network, at the very least your perimeter! This gives an objective view and can check for the obvious (and the not so obvious!) that you may have missed when setting the system up. This is why vulnerability scans and penetration tests are essential even for the small business, you would be surprised at the number of omissions we have seen that can catch a company out! (we were even guilty of a few ourselves in the not so distant past!)
Stick to the four quick wins above and your small business is on the right road to a more secure network. Cyber security is ever evolving and the unfortunately hackers have it easier than business, they only need to find one exploit to get in to your system…We have to find and fix them all!