Cybersecurity Checklist for Organizations with Less than 200 Employees

Small organizations might think that adversaries primarily target large companies because they have more data to steal. As it turns out, threat actors do not discriminate based on organization size: A recent Netwrix survey shows that small businesses face the same cybersecurity threats as their larger counterparts, including phishing, account compromise and ransomware attacks.

Accordingly, SMBs must protect themselves on the same field of battle — but it is far from a level playing field. Large companies benefit from substantial budgets and advanced security solutions, and they often have specialized security teams who have the luxury of time to engage in tabletop exercises that allow them to develop, assess and refine response strategies. Smaller organizations lack these resources, so their IT teams must balance enhancing security with the ongoing routine of printer maintenance, laptop deployment and so on. Moreover, SMBs must often rely on established benchmarks and security frameworks as a foundation, while corporations typically build upon these with their own customized standards to further enhance their security posture.

Focus on Resilience

Still, no cybersecurity architecture (or budget) can prevent all attacks. The goal for any organization is to ensure cyber resilience — the ability to continue to function during and after an attack, or at least restore functionality quickly. Cyber resilience is vital for small organizations, since the inability to perform essential functions like generating invoices could have a severe impact, leading to customer churn, fines and other financial losses.

Begin with 9 Key Statements

To improve cyber resilience, IT teams need to concentrate their efforts on what really matters. But limited budgets and scarcity of dedicated security personnel can make devising a robust cybersecurity strategy particularly challenging for small organizations, leaving them unsure of where to start. A structured approach can simplify this process.

Here are 9 key statements designed to lay a solid foundation for cybersecurity and cyber resilience. Organizations should think of these as fundamental cybersecurity affirmations that are all vital in building a multi-layered defense system. This checklist is grounded in the need to enhance security across three key layers: data, identity and infrastructure.

1. We proactively adapt to current cyber threats.

Our organization adjusts its digital presence to align with the evolving threat landscape. This includes regularly updating systems and software and integrating proven technologies like multifactor authentication (MFA) for enhanced protection.

2. We can prevent infiltration of our digital presence.

Our efforts are focused on halting breaches in our digital space. This involves eliminating standing privileges, removing default privileged accounts and performing regular permission audits to reduce the risk of unauthorized access to crucial resources.

3. We can detect threats in their early stages and mitigate their impact.

We can promptly identify threats and minimize their impact. This includes robust change control across our infrastructure and identities. Regular backups, including of our Active Directory, enable us to rapidly restore configurations and minimize operational disruptions.

4. We can absorb a successful infiltration of parts of our digital presence.

Our digital infrastructure is equipped to endure attacks in certain areas. We use strategies such as network segmentation and least privilege management to contain attacks and provide time for full mitigation to ensure business continuity.

5. We proactively manage our digital presence to anticipate further infiltration.

By tightly controlling membership in all user and admin groups, we guard against privilege escalation and shadow admin rights. We employ Group Policy management, strict password policies, and group and identity management to reinforce this control and receive prompt alerts.

6. We have adapted our digital processes to ensure we can operate while under attack.

In the event of a disruptive incident, we have established protocols to revert to non-digital methods, including pen and paper, if necessary. Regular tabletop exercises are conducted to develop and refine incident response plans for various potential scenarios.

7. We can anticipate new TTPs used to intrude into our digital presence.

We stay ahead of new tactics, techniques and procedures (TTPs) that could target our digital infrastructure by leveraging threat intelligence feeds, enforcing the least privilege principle and employing MFA to enhance preparedness against zero-day attacks.

8. We never stop evolving in our security.

Our security measures evolve alongside our business processes, enhancing our resilience to potential impacts. This ongoing enhancement prepares us for any successful attack, ensuring we have robust fallback plans in place at all levels as our business grows and transforms.

9. We can sustain a successful breach and bounce back to regular operations.

Our capacity to recover quickly from a breach is fortified by regularly updating our disaster recovery and business continuity plans. Our proactive approach includes diligent data classification, robust data backup procedures and configuration monitoring, all of which are instrumental in minimizing downtime and facilitating a rapid return to normal operations.

By using these statements, SMBs can both fortify their defenses against cyber threats and audit their environment for attacks in progress. While resource constraints remain a challenge, this guide offers practical steps towards building a more resilient security posture. For those facing limitations, outsourcing certain tasks to MSPs or MSSPs could be a cost-effective alternative to help ensure that essential cybersecurity measures are in place.

Dirk Schrader is Resident CISO (EMEA) and VP of Security Research at Netwrix. A 25-year veteran in IT security with certifications as CISSP (ISC²) and CISM (ISACA), he works to advance cyber resilience as a modern approach to tackling cyber threats. As the VP of Security Research, Dirk is working on focused research for specific industries like Healthcare, Energy or Finance. As the Field CISO EMEA, he ‘speaks the language’ of Netwrix’s customers and prospects to facilitate a fit-for-purpose solution delivery.
