In an increasingly digital landscape, small and medium-sized companies must prioritize cybersecurity to safeguard their data, protect privacy, and ensure the stability of their data and workflow systems. This article outlines the crucial initial steps that small companies should take to establish a strong cybersecurity foundation.
After the step-by-step summary of priorities, the second half of the article lists open source, government-provided, budget and more premium tools for every objective. Many of the tools overlap and provide multiple functions, but in general an effective cybersecurity defense and mitigation effort requires a selection of several tools combined with hands-on awareness.
Muster the time, attention and resources you can to address the following steps in the order below to get your company headed in the right direction:
1. Conduct a Risk Assessment
Start by assessing potential risks and vulnerabilities within your company's digital infrastructure. Identify critical assets, data, and systems that require protection. Evaluate potential threats and weaknesses that could compromise the confidentiality, integrity, or availability of these resources.
That sounds like a good idea, but how do you go about conducting such an assessment methodically? You can of course hire cybersecurity consultants like SEIRIM, but even if you have an internal team, it's worth getting comfortable firsthand with some frameworks and concepts in order to carry out a risk assessment well. See the Practical Tools section below for many options (and similarly for all of the following steps).
2. Establish a Cybersecurity Policy
Develop a comprehensive cybersecurity policy that outlines guidelines, procedures, and responsibilities for all employees. Address topics such as password management, acceptable use of company systems, data handling practices, and incident response protocols. Regularly communicate and educate employees about this policy.
3. Implement Strong Access Controls
Enforce strict access controls to limit data exposure and prevent unauthorized access. Implement strong password policies, including requirements for complexity and regular updates. Consider multi-factor authentication for added security. Restrict access rights based on employees' roles and responsibilities.
4. Regularly Update and Patch Systems
Keep all software, operating systems, and applications up to date with the latest security patches. Vulnerabilities in outdated software can be exploited by attackers. Regularly apply patches and updates to ensure systems are protected against known vulnerabilities.
5. Backup and Disaster Recovery Planning
Implement a robust backup strategy to ensure the availability and integrity of critical data. Regularly back up data to secure offsite locations or cloud storage. Test the restoration process periodically to ensure backups are viable. Develop a disaster recovery plan to mitigate the impact of potential incidents.
6. Network Security Measures
Implement a layered approach to network security. Utilize firewalls, intrusion detection and prevention systems, and secure network configurations. Segment your network to limit lateral movement in case of a breach. Regularly monitor network traffic and logs for signs of suspicious activity.
7. Educate and Train Employees
Invest in regular cybersecurity training and awareness programs for all employees. Educate them about common cyber threats, such as phishing attacks and social engineering. Teach them how to identify and report potential security incidents. Promote a culture of security awareness and accountability throughout the organization.
8. Implement Antivirus and Endpoint Protection
Deploy reputable antivirus software and endpoint protection tools across all devices within your organization. Ensure that these solutions are regularly updated and perform real-time scanning. Regularly scan for malware and other malicious software to detect and prevent potential threats.
Practical Tools
For each of the steps above, we suggest some practical tools and resources to help accomplish the tasks involved.
Risk Assessment Frameworks:
Frameworks that a small or medium-sized enterprise (SME) can use to conduct cybersecurity risk assessments include:
Open Source or Government Sponsored Frameworks:
NIST Cybersecurity Framework (CSF): The NIST CSF is a widely recognized framework that provides a structured approach to managing and mitigating cybersecurity risks. It aligns with industry standards and best practices, offering guidance on risk assessment, risk management, and cybersecurity program development.
The Center for Internet Security Risk Assessment Method (CIS RAM) is an information security risk assessment method that helps organizations implement and assess their security posture against the CIS Critical Security Controls (CIS Controls) cybersecurity best practices. The CIS RAM Family of Documents provides instructions, examples, templates, and exercises for conducting a cyber risk assessment.
Open FAIR (Factor Analysis of Information Risk) is an open-source framework that focuses on quantifying and analyzing cybersecurity risks in financial terms. It provides a structured methodology for risk assessment, allowing SMEs to assess and prioritize risks based on factors like asset value, threat frequency, vulnerability, and potential impact.
OCTAVE FORTE: a process model developed by Carnegie Mellon University that helps organizations evaluate their security risks and use enterprise risk management (ERM) principles to bridge the gap between executives and practitioners. It emphasizes a self-directed approach where organizations assess their critical assets, identify vulnerabilities and threats, and develop risk mitigation strategies. It incorporates business-focused risk assessment and control prioritization.
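The kind of financial quantification described for Open FAIR above, as an added example (not part of the original article and not code from the Open FAIR standard): loss event frequency is threat event frequency times vulnerability, and annual loss is simulated from it. The three scenarios and all figures are constructed, and the Poisson event count and triangular loss range are simplifying assumptions made for this sketch.

```python
import math
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    name: str
    tef: float            # threat event frequency: attempts per year
    vulnerability: float  # chance that one attempt becomes a loss event
    loss_low: float       # loss magnitude per event: minimum
    loss_mode: float      # loss magnitude per event: most likely
    loss_high: float      # loss magnitude per event: maximum

    @property
    def lef(self) -> float:
        """Loss event frequency = threat event frequency x vulnerability."""
        return self.tef * self.vulnerability

    def expected_annual_loss(self) -> float:
        """Analytic mean: LEF times the mean of the triangular loss range."""
        return self.lef * (self.loss_low + self.loss_mode + self.loss_high) / 3


def _poisson(rng: random.Random, lam: float) -> int:
    """Knuth's method; adequate for the small yearly rates used here."""
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def simulate(s: Scenario, trials: int = 20000, seed: int = 1) -> dict:
    """Monte Carlo over simulated years; returns mean, p95 and quiet years."""
    rng = random.Random(seed)
    years = []
    for _ in range(trials):
        events = _poisson(rng, s.lef)
        years.append(sum(
            rng.triangular(s.loss_low, s.loss_high, s.loss_mode)
            for _ in range(events)
        ))
    years.sort()
    return {
        "name": s.name,
        "mean": sum(years) / trials,
        "p95": years[min(trials - 1, int(0.95 * trials))],
        "loss_free_years": years.count(0.0) / trials,
    }


def rank(scenarios, **kw) -> list:
    """Highest simulated mean annual loss first."""
    return sorted((simulate(s, **kw) for s in scenarios),
                  key=lambda r: r["mean"], reverse=True)


# Constructed figures for illustration only; replace with your own estimates.
SCENARIOS = [
    Scenario("Lost laptop holding client files", 3, 0.20, 2_000, 10_000, 60_000),
    Scenario("Phishing leads to mailbox takeover", 12, 0.10, 5_000, 20_000, 150_000),
    Scenario("Ransomware on the file server", 2, 0.05, 50_000, 200_000, 900_000),
]

if __name__ == "__main__":
    for r in rank(SCENARIOS):
        print(f'{r["name"]:36} mean={r["mean"]:>10,.0f} p95={r["p95"]:>10,.0f} '
              f'quiet years={r["loss_free_years"]:.0%}')
```

The rare, expensive scenario shows why the mean alone is a poor budget guide: most simulated years cost nothing, while the 95th percentile year costs far more than the average.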
Premium Framework:
ISO 27001: is an internationally recognized information security management standard. While implementation and certification can be more resource-intensive, it provides a comprehensive framework for SMEs to assess and manage cybersecurity risks. ISO 27001 covers risk assessment, risk treatment, and the establishment of an Information Security Management System (ISMS) for continuous improvement.
Cybersecurity Policy Frameworks:
Your company's cybersecurity policy is closely connected to the risk assessment process above: it grows out of the approach you decide upon to address those risks, so the tools for the two steps may overlap.
CIS Controls: The Center for Internet Security (CIS) Controls provides a comprehensive set of best practices for cybersecurity. They offer specific actions and guidelines that can help organizations develop and implement effective security policies. The CIS Controls cover various areas, including inventory and control of hardware and software, secure configurations, continuous vulnerability management, and incident response.
NIST Cybersecurity Framework (CSF): as listed above for risk assessments, the CSF's core functions—Identify, Protect, Detect, Respond, and Recover—help organizations develop a comprehensive cybersecurity policy.
ISO 27001: as mentioned above, ISO 27001 emphasizes a risk-based approach and requires organizations to develop a comprehensive set of policies and procedures to address information security risks.
SANS Security Policy Templates: SANS Institute offers a collection of free security policy templates that cover various areas of cybersecurity, such as acceptable use, incident response, data classification, and remote access. These templates provide a starting point for organizations to customize policies based on their specific needs, helping them establish a strong cybersecurity policy foundation.
Industry-Specific Guidelines and Regulations: Depending on the nature of your organization's operations, there may be industry-specific guidelines and regulations that provide valuable insights for developing cybersecurity policies. Examples include the Payment Card Industry Data Security Standard (PCI DSS) for companies handling payment card data or the Health Insurance Portability and Accountability Act (HIPAA) for healthcare organizations.
Access Control Tools:
It is imperative to limit the access of users to only the data they need and have authorization to access, and to monitor that access over time so it remains as narrow as possible to minimize exposure.
Open Source Access Control Tools:
OpenLDAP: is an open source implementation of the Lightweight Directory Access Protocol (LDAP). It provides a centralized directory service for managing user identities and access control policies. OpenLDAP enables organizations to control access to resources through user authentication, authorization, and role-based access control (RBAC).
FreeIPA: is an open source identity management solution that combines several technologies, including LDAP, Kerberos, and DNS. It provides centralized authentication, authorization, and access control for Linux and Unix environments. FreeIPA simplifies user and group management, allowing organizations to enforce access policies effectively.
Budget-Friendly Access Control Tools:
Microsoft Azure Active Directory (Azure AD): is a cloud-based identity and access management (IAM) solution offered by Microsoft. It provides user authentication, access control, and single sign-on capabilities for cloud-based and on-premises resources.
Okta: is a cloud-based IAM platform that provides access management, authentication, and single sign-on capabilities. It allows organizations to define access policies, enforce multi-factor authentication (MFA), and manage user identities across various applications and systems.
Premium Access Control Tools:
Cisco Identity Services Engine (ISE): is an enterprise-grade access control solution that provides policy-based access control and enforcement. It integrates with network infrastructure to authenticate users, authorize access, and enforce security policies. Cisco ISE offers advanced features like posture assessment, guest access management, and integration with other security tools.
SailPoint IdentityIQ: is an identity governance and access management platform. It enables organizations to manage user identities, govern access privileges, and enforce access policies across diverse systems and applications. SailPoint IdentityIQ offers features such as access request workflows, segregation of duties (SoD) controls, and access certification.
Systems Updating and Patching Tools:
Tools that can help small companies keep their systems regularly updated and patched:
Vulnerability Scanners: Vulnerability scanning tools like OpenVAS, Nessus, or Qualys can automate the process of identifying vulnerabilities in your systems. They scan networks, servers, and applications, providing reports on discovered vulnerabilities and recommended patches or mitigation strategies.
Patch Management Solutions: Patch management tools such as SolarWinds Patch Manager, ManageEngine Patch Manager Plus, or Microsoft WSUS (Windows Server Update Services) can help automate the deployment of patches across systems. These tools centralize patch management, ensuring that systems are kept up to date with the latest security patches and updates.
Operating System and Application Update Tools: Leverage built-in update tools provided by operating system vendors, such as Windows Update for Microsoft Windows or Software Update for macOS. Additionally, many applications offer automatic update functionality, which should be enabled to ensure the latest security patches are applied promptly.
Configuration Management Tools: Configuration management tools like Ansible, Puppet, or Chef can help automate the deployment of standardized system configurations and facilitate patch management. These tools enable efficient management of system settings and configurations across multiple systems, ensuring consistent patching practices.
Endpoint Protection Suites: Suites such as Symantec Endpoint Protection, Trend Micro OfficeScan, or Bitdefender GravityZone often include patch management capabilities. These suites provide a comprehensive solution that combines antivirus, firewall, and patch management features to protect endpoints and ensure timely patching.
Vulnerability Management Platforms: Vulnerability management platforms, like Rapid7 InsightVM, Tenable.io, or Qualys Vulnerability Management, offer end-to-end solutions for identifying vulnerabilities, prioritizing risks, and managing the remediation process. They provide detailed vulnerability reports and assist in patch management efforts.
Backup and Data Recovery Tools:
Use tools that can assist in the backup and recovery of data, and, just as importantly, test and verify that they function properly:
Backup Software: Backup software solutions such as Veeam Backup & Replication, Acronis Backup, or Veritas Backup Exec help automate the process of creating regular backups of critical data. They enable scheduled backups, incremental or differential backup strategies, and efficient data deduplication, ensuring data integrity and availability for recovery in case of cyber incidents.
Cloud Backup Services: Cloud backup services like AWS Backup, Google Cloud Backup, or Microsoft Azure Backup provide secure and scalable cloud storage options for backing up critical data. These services offer features such as automated backups, versioning, and geo-redundancy to ensure data durability and facilitate easy recovery from cloud-based backups.
Snapshot and Replication Tools: Snapshot and replication tools provided by storage vendors like VMware vSphere, Dell EMC RecoverPoint, or NetApp SnapMirror enable point-in-time copies of data and facilitate rapid recovery in case of data loss or system failures. These tools create efficient and consistent copies of data, minimizing recovery time objectives (RTO) and recovery point objectives (RPO).
Disaster Recovery as a Service (DRaaS): DRaaS solutions, such as Zerto, Druva Phoenix, or IBM Resiliency Orchestration, offer comprehensive backup and disaster recovery capabilities. They provide a combination of backup, replication, and recovery features, allowing organizations to restore critical systems and data quickly in the event of a cyber incident or natural disaster.
File Synchronization and Sharing (FSS) Tools: File synchronization and sharing tools like Dropbox, OneDrive, or Google Drive can serve as supplementary backup solutions. They provide cloud-based storage, automatic synchronization, and versioning features, ensuring that important files are backed up and easily recoverable from multiple devices.
Offline or Offsite Backup Solutions: involve physically storing backups in secure locations away from the primary infrastructure. This can include techniques like tape backups or external hard drive backups that are stored in a separate location, providing an additional layer of protection against cyber threats.
It's essential to consider factors such as data encryption, access controls, and data restoration capabilities when selecting backup and recovery tools. Regular testing of backup integrity and restoration processes is also crucial to ensure the reliability and effectiveness of the backup strategy.
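A restore test of the kind recommended above, as an added example (not part of the original article and not tied to any product listed here): it records a SHA-256 manifest at backup time, restores the archive into a scratch directory, and reports missing or changed files. The file names, contents and the tar.gz format are constructed assumptions.

```python
import hashlib
import tarfile
import tempfile
import zlib
from pathlib import Path


def manifest(root: Path) -> dict:
    """Map each file's relative path to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def create_backup(source: Path, archive: Path) -> dict:
    """Write a gzip tar of `source`; return the manifest taken at backup time."""
    recorded = manifest(source)
    with tarfile.open(archive, "w:gz") as tar:
        for rel in recorded:
            tar.add(source / rel, arcname=rel)
    return recorded


def verify_restore(archive: Path, recorded: dict) -> dict:
    """Restore into a scratch directory and compare against the manifest."""
    report = {"ok": False, "missing": [], "changed": [], "error": None}
    # Use the safe "data" extraction filter where this Python provides it.
    extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive, "r:gz") as tar:
                tar.extractall(scratch, **extra)
        except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
            report["error"] = f"{type(exc).__name__}: {exc}"
            return report
        restored = manifest(Path(scratch))
    report["missing"] = sorted(set(recorded) - set(restored))
    report["changed"] = sorted(
        rel for rel in recorded if rel in restored and restored[rel] != recorded[rel]
    )
    report["ok"] = not report["missing"] and not report["changed"]
    return report


def demo() -> dict:
    """Constructed data: one good backup, one drifted backup, one truncated."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        src = work / "data"
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")
        (src / "customers.db").write_bytes(b"\x00constructed sample\x00" * 64)
        good = work / "good.tar.gz"
        recorded = create_backup(src, good)

        # A later archive that no longer matches what was recorded.
        (src / "finance" / "ledger.csv").write_text("id,amount\n1,999\n")
        (src / "customers.db").unlink()
        drifted = work / "drifted.tar.gz"
        create_backup(src, drifted)

        # A copy whose transfer stopped halfway.
        truncated = work / "truncated.tar.gz"
        truncated.write_bytes(good.read_bytes()[: good.stat().st_size // 2])

        return {
            "good": verify_restore(good, recorded),
            "drifted": verify_restore(drifted, recorded),
            "truncated": verify_restore(truncated, recorded),
        }


if __name__ == "__main__":
    for name, report in demo().items():
        print(name, report)
```

Keep the manifest somewhere other than the backup target, so that a damaged or tampered archive cannot also rewrite the record it is checked against.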
Network Security Measures:
Commercial solutions and tools that can be deployed for network security:
Cisco Security Suite: offers a comprehensive suite of network security products, including firewalls (Cisco ASA, Cisco Firepower), secure access solutions (Cisco ISE), intrusion prevention systems (Cisco IPS), and secure email gateways (Cisco Email Security). These solutions provide robust network security measures and are widely adopted in enterprises.
Palo Alto Networks Next-Generation Firewalls: offers next-generation firewalls that provide advanced threat detection and prevention capabilities. Their firewalls combine traditional firewall functionality with features like intrusion prevention, URL filtering, application control, and advanced threat intelligence.
Fortinet Security Fabric: is an integrated platform that offers a range of network security tools and solutions. This includes next-generation firewalls (FortiGate), secure access solutions (FortiNAC), email security, endpoint protection, and secure SD-WAN. The Security Fabric allows organizations to deploy and manage multiple security solutions from a single platform.
Check Point Security Gateway: provides a comprehensive suite of security features, including firewall, intrusion prevention, virtual private network (VPN), application control, and anti-malware capabilities. It offers centralized management and advanced threat prevention mechanisms to protect networks from evolving threats.
Juniper Networks SRX Series: is a line of high-performance firewalls designed to provide scalable and secure network protection. The SRX Series integrates advanced security services such as intrusion prevention, application visibility and control, VPN, and unified threat management (UTM).
Symantec Endpoint Protection: is an advanced endpoint security solution that helps protect networks by providing antivirus, anti-malware, intrusion prevention, and host firewall capabilities. It offers central management and reporting features to monitor and respond to security events across endpoints.
Open source solutions and tools that can be deployed for network security:
Snort: is an open source network intrusion detection and prevention system (IDS/IPS). It analyzes network traffic in real-time and detects potential threats based on customizable rule sets. Snort helps identify and respond to security incidents, making it a popular choice for network security monitoring.
Suricata: open source IDS/IPS that offers high-speed network traffic inspection. It provides real-time threat detection, network intrusion prevention, and advanced logging capabilities. Suricata supports multi-threading and is well-suited for high-performance network security deployments.
Zeek (formerly Bro): is an open source network security monitoring tool that captures and analyzes network traffic at the packet level. It provides detailed insights into network protocols, detects anomalies, and aids in incident response and threat hunting. Zeek is highly extensible and customizable, making it valuable for network security analysis.
Security Onion: Security Onion is an open source platform for network security monitoring and analysis. It integrates multiple open source tools, including Snort, Suricata, Zeek, and others, to provide a comprehensive network security solution. Security Onion supports real-time traffic analysis, incident detection, and forensic investigation.
iptables: is a command-line tool for configuring firewall rules in Linux-based systems. It allows granular control over network traffic by setting up filters and security policies. iptables provides a robust firewall solution for securing networks and controlling access to services.
Employee Training and Education:
Knowledge and awareness are as important in cybersecurity as tools. Here are some potentially helpful online cybersecurity training courses for your organization:
SANS Institute offers a wide range of online training courses designed to raise awareness and educate employees on cybersecurity best practices. The courses cover topics such as phishing, password security, social engineering, and data protection.
KnowBe4: is a prominent provider of security awareness training solutions. They offer a comprehensive library of interactive and engaging online courses that address various cybersecurity topics. Their training modules focus on helping employees recognize and respond to common cyber threats effectively.
Infosec IQ: provides a diverse collection of online training modules for employee cybersecurity awareness. Their courses cover topics like email security, safe browsing, physical security, and incident response. The training content is regularly updated to reflect the evolving threat landscape.
Cybrary: offers a range of cybersecurity courses, including employee awareness training. Their training modules cover essential topics such as phishing awareness, secure communications, and social engineering defense. Cybrary provides both free and paid options for organizations.
CISA Cybersecurity Awareness Training: The Cybersecurity and Infrastructure Security Agency (CISA) of the United States offers free online training resources for employees. These resources provide guidance on various cybersecurity topics, including email security, password management, and safe browsing practices.
LinkedIn Learning: LinkedIn Learning (formerly Lynda.com) offers a variety of cybersecurity courses that can be utilized for employee awareness training. Their courses cover topics like cybersecurity basics, safe online practices, and protecting sensitive information.
Udemy: Udemy is an online learning platform that provides a wide range of cybersecurity courses suitable for employee awareness training. Their courses cover topics such as cybersecurity fundamentals, secure coding practices, and securing personal and corporate data.
Dion Training: is a favorite of ours at SEIRIM for cybersecurity training at all levels and towards certification programs. Most courses from here are also available on Udemy.
Intrusion Prevention Systems (IPS):
IPS are key software tools to implement in a company's proactive cybersecurity defense strategy. Many of the options below also appear under Network Security above, since they are often part of integrated solutions.
Open Source IPS:
Snort: A widely used open source IPS that provides real-time traffic analysis and packet logging. It has a large community and extensive rule sets to detect and prevent network-based attacks.
Suricata: Another powerful open source IPS capable of inspecting network traffic for suspicious activities. It supports multi-threading and can handle high-speed networks effectively.
Budget-Friendly IPS:
pfSense: While primarily a firewall solution, pfSense offers IPS functionality through various packages. It provides network intrusion detection and prevention capabilities at a lower cost compared to some dedicated IPS solutions.
Security Onion: It is an open source platform that integrates multiple security tools, including an IPS, for network security monitoring. It is cost-effective and widely used in security operations centers (SOCs).
Premium IPS:
Cisco Firepower: A comprehensive IPS solution with advanced threat detection capabilities. It integrates with other Cisco security products and offers extensive reporting and management features.
Palo Alto Networks: Their IPS solutions, such as the Threat Prevention subscription, provide advanced threat detection, prevention, and integration with their security platforms. They offer comprehensive protection and advanced analytics.
Fortinet FortiGate: A unified threat management (UTM) platform that includes IPS functionality. It offers a range of features, including application control, antivirus, and intrusion prevention.
Antivirus and Endpoint Detection:
SEIRIM-recommended solutions for antivirus and endpoint protection in corporate environments:
CrowdStrike Falcon: is a cloud-native endpoint protection platform that offers next-generation antivirus (NGAV), EDR (Endpoint Detection and Response), and threat intelligence capabilities. It provides real-time visibility into endpoint activities and leverages AI-driven threat prevention techniques.
Trend Micro Apex One: is a multi-layered endpoint security solution that integrates advanced threat protection, EDR, and centralized management. It utilizes behavior monitoring, machine learning, and exploit prevention to detect and block advanced threats across endpoints.
Carbon Black Cloud: is an advanced endpoint protection platform that combines NGAV, EDR, and threat hunting capabilities. It offers real-time visibility, automated response, and predictive analytics to detect and prevent sophisticated threats.
Microsoft Defender for Endpoint: provides comprehensive endpoint protection for Windows systems. It includes antivirus, advanced threat detection, EDR, and vulnerability management features. It integrates well with other Microsoft security solutions and offers centralized management through Microsoft 365 Defender.
Conclusion:
By prioritizing cybersecurity from the outset, small companies can protect their valuable data, maintain privacy, and ensure the stability of their data and workflow systems. Following these essential first steps will establish a strong foundation for a comprehensive cybersecurity posture. Remember, cybersecurity is an ongoing effort that requires continuous evaluation, adaptation, and improvement.
ABOUT THE AUTHOR
S.R. Schroeder
Founder of Seirim, S.R. focuses on the art and science of web design, cybersecurity and web development tech to help keep driving SEIRIM's projects and abilities forward.