
6 Defenses for SMB Cybersecurity

By Raj Dodhiawala
April 13, 2015

If you, as a business owner, think that you’re immune to cyberattacks just because you’re not a huge corporation with thousands of employees, think again.

In today’s networked, digital economy, the only thing you need to make yourself attractive to the cyber bad guys is to possess, or merely enable access to, sensitive digital information like credit cards and social security numbers. We have all seen the headlines where huge corporations including Home Depot, Target, Sony and Anthem have fallen victim to cyberattacks that resulted in exfiltration of tens of millions of sensitive personal records. Because of today’s interconnected business ecosystem, your company doesn’t have to be a corporate behemoth to be breached; the size, scope and scale of your business are irrelevant to cybercriminals. The cliché “not if but when” applies to organizations of all sizes.

With this in mind, we recommend six areas that any small- or mid-sized business must consider to better defend itself against cyberattacks.

1. Security does cost, but lack of security costs even more. Many small and mid-sized companies say that doing digital security “right” seems expensive. Think of a home alarm system. It may seem expensive until burglars break in. Cybersecurity is likewise an added cost until, say, a data breach happens and becomes a lot more expensive to fix and to recover from. You do need to invest in layered security, from the perimeter to your endpoints, commensurate with the sensitivity of your data.

2. Establish an incident response plan. An incident response plan must include education, prevention and response processes. It should include things like maps of all endpoints, contingency plans for all possible situations, assignment of the Program Management role and establishment of a command center location in advance. Furthermore, employees should be trained specifically on what to look for in terms of suspicious behavior. Once you know an incident has occurred, you need to charge an employee with managing the response to it, which might well entail working with your legal department, attorneys and law enforcement.

3. Know your environment. For example, if you’re buying a payment processing system that claims it is PCI-compliant, be sure that it actually is. Trust but verify. You also need to have a clear map of where your sensitive data resides and how it’s protected, both from access via the network and from the endpoints where the data is stored or processed.

4. Passwords alone aren’t enough. First, enforce the strong password policies that your authentication system (like Active Directory) already provides. Beyond this, you can use multifactor authentication, requiring both a password and either a security token, biometric ID or key card.

5. Control access to certain information. It is far more secure to give only the right people within your organization need-to-know access to sensitive data that could be stolen. Giving all your employees (and contractors and others) access to all or a high percentage of sensitive data creates weakness in the system. With broad access, malware can more easily masquerade as someone who has access to the data. Related to this, you must consider the level of access to your network and systems that you grant to third parties like vendors or consultants. This way, if a breach does occur, the exposure will be limited because the sensitive data is effectively “walled” off.

6. Retain data and data logs for a sufficient length of time. Often small and mid-sized businesses aren’t saving enough data because they’re underinvested in overall IT spending. They may keep network or system logs for three or perhaps six months only. Advanced malware attacks, by their very definition, take place over a period that often spans many months to even a year, as recent cases have demonstrated. These advanced persistent threats (APTs) are long-running and consist of many different, seemingly unconnected pieces of malware. In order to paint a complete picture of how the attack evolved, you will need to rely on logs that span more than just a few months.

These six things that I have outlined also highlight a larger, overarching requirement: awareness. Being aware includes the recognition that, at some point, your business will likely be breached. If you’re involved in the ecosystem of today’s digital economy – whether you are an outsourcing element of a larger company, a small part of a healthcare provider network, or a boutique consulting firm servicing large clients – you are vulnerable. Just like the big guys.


Raj Dodhiawala is senior vice president and general manager at ManTech Cyber Solutions International, a provider of cyber security solutions specializing in comprehensive, integrated security support, including computer and network design, implementation, and operations.
