Zeo Information Security

Cybersecurity For Small Businesses

Background
Cyberattacks are not only a problem for big corporations - small businesses lose thousands to phishing and hacks. These three simple steps can protect you without breaking the bank. In this article, we describe how three security controls can reduce the likelihood of an incident or breach. Because this article is tailored to small businesses, the security controls listed do not include data recovery and backup, penetration testing, third-party risk management, or similar controls; these are simply out of scope for a three-man manufacturing shop or a local retailer. The controls in this article are tangible items that a small business can implement over the weekend with some assistance from Google search and a large language model (LLM), such as Grok or ChatGPT.


Inventory Your Assets

First and foremost is understanding the number, type, and location of all your assets. Your assets include desktops, laptops, Internet of Things (IoT) devices, software, and data. The location might be in the cloud or an on-premises system.
We recommend making this the first thing a small business does, as it is the base on which you can implement all other security controls. With this security control in place, you gain visibility into the assets you control.
There are several tools out there that can help. Given we are talking about small businesses, a solution as simple as paper and pencil will do! Realistically, you do want to use a spreadsheet tool. Tracking should be limited to IP address, location of asset, purpose of asset, owner of asset, and asset name.


Enable MFA on Your Accounts

This is a simple one. Enable multi-factor authentication (MFA)! What more is there to say? MFA adds a level of complexity that most hackers will be thwarted by.
We recommend using what is already built into the systems you utilize. SaaS tools, the Microsoft suite, and similar tools come with MFA built in - typically by texting a 6-digit code to your phone.
For better protection, use the MFA feature that is typically built into password managers. You can use this while also utilizing the password generator provided by password managers. It's a two birds, one stone situation!


Security Awareness

Today, most incidents and breaches happen because a human is in the loop of some process. These types of attacks are called social engineering attacks, where a hacker manipulates people rather than machines. The most common of these attacks come from phishing emails. Phishing, and social engineering in general, has been the number one attack method for hackers for the last few years.
What can you do? We recommend having quick briefing meetings with your team to remind them to always be on the lookout for emails that stand out. Further, we recommend using free tools such as GoPhish.
Things to look out for are emails asking for payment from a service you do not use, misspelled domain names (such as m1crosoft[.]com), and domains that you simply do not expect to be receiving emails from. Artificial Intelligence (AI) has unfortunately made phishing much easier for the hackers.
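
The domain checks described above can be partly automated. The script below is an added example, not part of the original article: it sorts sender addresses into trusted, lookalike, or unexpected. The EXPECTED list, the character-folding table, and the sample addresses are assumptions constructed for illustration.

```python
# Added example: sort sender addresses into trusted / lookalike / unexpected.
# EXPECTED and the sample addresses are constructed for illustration; replace
# EXPECTED with the domains of the services your business really uses.
EXPECTED = {"microsoft.com", "paypal.com", "example-supplier.com"}

# Characters commonly swapped in to imitate a letter, folded to one form.
FOLD = str.maketrans({"1": "l", "i": "l", "|": "l", "0": "o", "5": "s", "3": "e"})


def skeleton(domain):
    """Fold visually similar characters so imitations compare equal."""
    return domain.replace("rn", "m").replace("vv", "w").translate(FOLD)


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address, expected=EXPECTED):
    """Return (verdict, matched expected domain or None) for a sender address."""
    domain = address.rsplit("@", 1)[-1].lower().strip(" <>.")
    for good in sorted(expected):
        if domain == good or domain.endswith("." + good):
            return ("trusted", good)
    labels = domain.split(".")
    for good in sorted(expected):
        # Compare only as many trailing labels as the expected domain has.
        tail = ".".join(labels[-(good.count(".") + 1):])
        if edit_distance(skeleton(tail), skeleton(good)) <= 1:
            return ("lookalike", good)
    return ("unexpected", None)


if __name__ == "__main__":
    samples = [  # constructed sender addresses
        "noreply@accounts.microsoft.com",
        "billing@m1crosoft.com",
        "service@paypa1.com",
        "sales@unknown-vendor.net",
    ]
    for sender in samples:
        print(sender, "->", classify_sender(sender))
```

A "trusted" verdict only means the domain is one you expect; sender addresses can be forged, so it does not prove the message is genuine.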


Fin

Cybersecurity can be complex for small businesses, but it does not have to be. Inventory control, enabling MFA, and security-aware users are only a small portion of the iceberg that is cybersecurity. These simple steps will surely reduce the likelihood of being in the middle of a security incident or breach. We hope that this may be of use to SMBs out there that are pushing through their daily grind while trying to remain cybersecure. As always, we would be happy to work with you. Contact us at info@zeoinfosec.com for a free fifteen-minute cybersecurity checkup!