Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Cybersecurity News

6 Defenses for SMB Cybersecurity

By Raj Dodhiawala
April 13, 2015

If you as a business owner think that just because you’re not a huge corporation with thousands of employees you’re therefore immune to cyberattacks… Think again.

In today’s networked, digital economy, the only thing you need to make yourself attractive to the cyber bad guys is to possess, or merely enable access to, sensitive digital information like credit cards and social security numbers. We have all seen the headlines where huge corporations including Home Depot, Target, Sony and Anthem have fallen victim to cyberattacks that resulted in exfiltration of tens of millions of sensitive personal records. Because of today’s interconnected business ecosystem, your company doesn’t have to be a corporate behemoth to be breached; the size, scope and scale of your business is irrelevant to cybercriminals. The cliché “not if but when” applies to organizations of all sizes.

With this in mind, we recommend six areas that any small- or mid-sized business must consider to better defend itself against cyberattacks.

1. Security does cost, but lack of security costs even more.Many small and mid-sized companies often say that doing digital security “right” seems expensive. Think of a home alarm system. It may seem expensive until burglars break in. Cybersecurity surely is an added cost until, say, a data breach happens that becomes a lot more expensive to fix and to recover from. You do need to invest in layered security from the perimeter to your endpoints commensurate with the sensitivity of your data.

2. Establish an incident response plan.An incident response plan must include education, prevention and response processes. It should include things like maps of all endpoints, contingency plans for all possible situations, assignment of the Program Management role and establishment of a command center location in advance. Furthermore, employees should be trained specifically what to look for in terms of suspicious behavior. Once you know an incident occurred, you need to charge an employee with managing the response to it, which might well entail working with your legal department, attorneys and law enforcement.

3. Know your environment.For example, if you’re buying a payment processing system that claims it is PCI-compliant, be sure that it actually is. Trust but verify. You also need to have a clear map of where your sensitive data resides and how it’s protected, both from access via the network and from the endpoints where the data is stored or processed.

4. Passwords alone aren’t enough.First, enforce the strong password policies that your authentication system (like Active Directory) already provides. Beyond this, you can use multifactor authentication, requiring both a password and either a security token, biometric ID or key card.

5. Control Access to certain information. It is far more secure to provide need-to-know access to the right people within your organization to your sensitive data that could be stolen. Giving access to all or a high percentage of sensitive data to all your employees (and contractors and others) creates weakness in the system. With broad access, malware can more easily masquerade as someone who has access to the data. Related to this, you must consider level of access to your network and systems to third-parties like vendors or consultants. This way, if a breach does occur, the exposure will be limited because the sensitive data is effectively “walled” off.

6. Retain sufficient time-length of data and data logs. Often small and mid-sized businesses aren’t saving enough data because they’re underinvested in overall IT spending. They may keep network or system logs for three or perhaps six months only. Advanced malware attacks, by their very definition, take place over a period that often span many months to even a year, as recent cases have demonstrated. These advanced persistent threats (APTs) are long-running and consist of many different, seemingly unconnected pieces of malware. In order to paint a complete picture of how the attack evolved, you will need to rely on logs that span more than just a few months.

These six things that I have outlined also highlight a larger, overarching requirement: awareness. Being aware includes the recognition that, at some point, your business will likely be breached. If you’re involved in the ecosystem of today’s digital economy – whether you as an outsourcing element of a larger company, a small part of a healthcare provider network, or a boutique consulting firm servicing large clients – you are vulnerable. Just like the big guys.

KEYWORDS: cyber attack Small to Medium Business (SMB) security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Raj Dodhiawala is senior vice president and general manager at ManTech Cyber Solutions International, a provider of cyber security solutions specializing in comprehensive, integrated security support, including computer and network design, implementation, and operations.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Top Cybersecurity Leaders
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Security Education & Training
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Broken wet floor sign

Why Response Time Is Becoming the Missing Metric in Workplace Safety and Security

Paparazzi

When Private Events Become Public Infrastructure: What Celebrity OSINT Teaches Security Leaders

Cyber Tactics

AIBOMs: Bringing AI Security Out of the Shadows, A Practical Guide for Security Professionals

Medical professional

Nearly 85% of Nurses Experienced Workplace Violence in the Last Year

Kaseware sponsored webinar
Schneider Electric sponsored webinar

Events

August 25, 2026

Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.

August 27, 2026

Leveraging AI & Mobility to Advance Your Security Domain

LIVE: August 27, 2026 at 2 PM EDT Explore how AI-driven cloud security solutions can elevate your security domain enhancing threat detection, streamlining operations, and delivering the resilience modern organizations demand.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • Mobile small business checkout

    Today's top three challenges hindering SMB cybersecurity

    See More
  • password1-900px.jpg

    5 Password Tips for SMB Data Breach Prevention

    See More
  • How Asset and Key Controls Improve Efficiency for SMB Market

    See More

Related Products

See More Products
  • 150 things.jpg

    The Handbook for School Safety and Security

  • Physical Security and Safety: A Field Guide for the Practitioner

  • Photonic Sensing: Principles and Applications for Safety and Security Monitoring

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing