Cyber security guide for Small Business

SOCFortress
7 min read, Aug 6, 2024


Intro

For a small business, even a minor cyber security incident can have devastating impacts.

The Australian Cyber Security Centre (ACSC) has published the “Small business cyber security guide” and the “Small business cyber security checklist”. These guides describe basic security measures that help protect SMBs against common cyber security threats.

Threats to small businesses

Scam messages

Cybercriminals may try to scam your business through email, text messages, phone calls and social media. They will often pretend to be a person or organisation you trust.

Of particular concern to small businesses are phishing attacks. These scams often contain a link to a fake website where you are encouraged to log in to an account or enter confidential details.

Email attacks

Criminals can impersonate business representatives by using compromised email accounts, or through other means — like using a domain name that looks similar to a real business.

Aside from stealing information, the goal of these attacks is usually to scam victims into sending funds to a bank account operated by the scammer.

Office 365 Integration and Threat Intel

For companies running Exchange Online, the Office 365 integration + Threat Intel will flag emails by detection method and will highlight the delivery action:

Malicious software

Malware can stop your device from working properly, delete or corrupt your files, or allow others to access your personal or business information.

If your device is infected with malware, you could be vulnerable to other attacks. The malware could also spread to other devices on your network.

SOCFortress — EndPoint Protection Integrations

SOCFortress has integrations available for a broad range of endpoint protection solutions, providing a single pane of glass for all event types collected.

SOCFortress — Persistent Foothold Detection

Malicious software will try to find ways to persist after a computer reboot. Using Microsoft Sysinternals tools it is possible to scan all registry keys loaded at boot time and check the hash of each entry against VirusTotal:

SOCFortress — Scan of Executable Files in Users Folder

Using Microsoft Sysinternals tools it is possible to find executable files, regardless of their extension, in folders under “c:\users”. All file hashes will be analysed in VirusTotal:
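An added example (not SOCFortress code) that turns the output of either Sysinternals scan above into findings: it parses the CSV that autorunsc or sigcheck write with their -c -h -v options (column names are assumed from those tools' CSV output; the rows below are constructed) and flags entries that VirusTotal detects, that VirusTotal has never seen, or that are unsigned.

```python
import csv
import io
import re

# Constructed sample in the shape of "sigcheck -e -s -c -h -v -vt C:\Users" output.
# "autorunsc -a * -c -h -v -vt" uses "Image Path" and "SHA-256" instead; both are
# handled. Column names are assumed from the tools' CSV output; hashes are placeholders.
SAMPLE_CSV = """\
Path,Verified,Publisher,MD5,SHA256,VT detection,VT link
C:\\Users\\alice\\AppData\\Local\\Temp\\update.dat,Unsigned,n/a,<md5-1>,<sha256-1>,34/72,https://www.virustotal.com/<placeholder>
C:\\Users\\alice\\Downloads\\tool.exe,Signed,Contoso Ltd,<md5-2>,<sha256-2>,0/72,https://www.virustotal.com/<placeholder>
C:\\Users\\bob\\Documents\\report.pdf.exe,Unsigned,n/a,<md5-3>,<sha256-3>,Unknown,n/a
"""

VT_RATIO = re.compile(r"^(\d+)/(\d+)$")


def parse_vt(value):
    """Return (positives, engines) from an 'n/m' VT column, or None if VT did not know the hash."""
    match = VT_RATIO.match((value or "").strip())
    return (int(match.group(1)), int(match.group(2))) if match else None


def triage_scan(csv_text, min_positives=1):
    """Return the rows an analyst should look at, each with the reasons it was flagged."""
    reader = csv.DictReader(io.StringIO(csv_text))
    path_col = "Image Path" if "Image Path" in reader.fieldnames else "Path"
    findings = []
    for row in reader:
        reasons = []
        vt = parse_vt(row.get("VT detection"))
        if vt is None:
            reasons.append("hash unknown to VirusTotal")
        elif vt[0] >= min_positives:
            reasons.append(f"flagged by {vt[0]}/{vt[1]} engines")
        if row.get("Verified", "").strip().lower() != "signed":
            reasons.append("unsigned")
        if reasons:
            findings.append({"path": row[path_col],
                             "sha256": row.get("SHA256") or row.get("SHA-256"),
                             "vt_positives": vt[0] if vt else 0,
                             "reasons": reasons})
    # Most-detected first so the obvious hits top the list.
    return sorted(findings, key=lambda f: -f["vt_positives"])
```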

Secure your accounts

Turn on multi-factor authentication

MFA adds another layer of security to your account. It is one of the most effective ways to protect your accounts from someone getting access, so you should use it wherever possible.

Office 365 Integration and AzureAD Activity (Users and Devices)

The Office 365/AzureAD integration provides insights into user and device activity.

Logon events where “UserAuthenticationMethod = 1” indicate a lack of 2FA in the logon process for that user account.
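The check above expressed as detection logic, as an added example (not SOCFortress code): it reads Office 365 audit records and flags successful UserLoggedIn events whose UserAuthenticationMethod is 1. The record layout (one JSON object per line, ExtendedProperties as Name/Value pairs, ResultStatus) is assumed from the Unified Audit Log schema, and the sample records are constructed.

```python
import json
from collections import defaultdict

# Constructed Office 365 Unified Audit Log records, one JSON object per line.
# Layout assumed from the Unified Audit Log schema; all values are invented.
SAMPLE_AUDIT_LOG = """\
{"CreationTime":"2024-08-01T08:02:11","Operation":"UserLoggedIn","ResultStatus":"Succeeded","UserId":"alice@example.com","ClientIP":"203.0.113.10","ExtendedProperties":[{"Name":"UserAuthenticationMethod","Value":"1"},{"Name":"RequestType","Value":"Login:login"}]}
{"CreationTime":"2024-08-01T08:05:40","Operation":"UserLoggedIn","ResultStatus":"Succeeded","UserId":"bob@example.com","ClientIP":"203.0.113.11","ExtendedProperties":[{"Name":"UserAuthenticationMethod","Value":"16"}]}
{"CreationTime":"2024-08-01T08:07:02","Operation":"UserLoggedIn","ResultStatus":"Failed","UserId":"carol@example.com","ClientIP":"198.51.100.7","ExtendedProperties":[{"Name":"UserAuthenticationMethod","Value":"1"}]}
{"CreationTime":"2024-08-01T08:09:15","Operation":"UserLoggedIn","ResultStatus":"Succeeded","UserId":"alice@example.com","ClientIP":"198.51.100.9","ExtendedProperties":[{"Name":"UserAuthenticationMethod","Value":"1"}]}
{"CreationTime":"2024-08-01T08:11:00","Operation":"UserLoggedIn","ResultStatus":"Succeeded","UserId":"erin@example.com","ClientIP":"203.0.113.12","ExtendedProperties":[]}
"""


def parse_records(text):
    """Parse JSON-lines audit export into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def auth_method(record):
    """Return UserAuthenticationMethod as an int, or None if absent or malformed."""
    for prop in record.get("ExtendedProperties", []):
        if prop.get("Name") == "UserAuthenticationMethod":
            try:
                return int(prop.get("Value"))
            except (TypeError, ValueError):
                return None
    return None


def find_logons_without_mfa(records):
    """Flag successful UserLoggedIn events with UserAuthenticationMethod == 1 (no 2FA).

    Returns (flagged_records, unknown_count); unknown_count tallies successful
    logons that carried no usable method value, so they are not silently ignored.
    Only the value 1 is flagged; other values are left for the analyst.
    """
    flagged, unknown = [], 0
    for rec in records:
        if rec.get("Operation") != "UserLoggedIn" or rec.get("ResultStatus") != "Succeeded":
            continue
        method = auth_method(rec)
        if method is None:
            unknown += 1
        elif method == 1:
            flagged.append(rec)
    return flagged, unknown


def users_without_mfa(records):
    """Per-user count of password-only logons, for a quick 'who is missing MFA' report."""
    counts = defaultdict(int)
    for rec in find_logons_without_mfa(records)[0]:
        counts[rec["UserId"]] += 1
    return dict(counts)
```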

Implement access controls

Restricting access will help limit the damage caused by a cyber security incident.

Users and Groups Activity

Track user and group activity and admin actions in our organization:

User accounts created or modified:

Accounts locked out:

Accounts added to privileged groups:

AD groups added or modified:
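As an added example (not SOCFortress code), the four activity views above as triage logic over Windows Security events: standard Windows event IDs map each event to one of the categories, and a member added to a built-in privileged group is raised to high severity. The sample events are constructed; their field names follow the EventData names in the Security log.

```python
# Windows Security event IDs behind the account and group activity listed above.
# The IDs are the standard Windows ones; the sample events are constructed.
EVENT_CATEGORIES = {
    4720: "user account created", 4738: "user account changed",
    4740: "account locked out",
    4728: "member added to global group", 4732: "member added to local group",
    4756: "member added to universal group",
    4727: "global group created", 4731: "local group created",
    4754: "universal group created", 4735: "local group changed",
    4737: "global group changed", 4755: "universal group changed",
}
GROUP_ADD_IDS = {4728, 4732, 4756}
# Built-in groups whose membership changes deserve a high-severity alert.
PRIVILEGED_GROUPS = {"administrators", "domain admins", "enterprise admins",
                     "schema admins", "account operators"}
SEVERITY_ORDER = {"info": 0, "medium": 1, "high": 2}

SAMPLE_EVENTS = [  # constructed; SubjectUserName = actor, TargetUserName = account or group
    {"EventID": 4720, "SubjectUserName": "helpdesk1", "TargetUserName": "svc-backup2"},
    {"EventID": 4732, "SubjectUserName": "helpdesk1", "TargetUserName": "Administrators",
     "MemberName": "CN=svc-backup2,CN=Users,DC=example,DC=local"},
    {"EventID": 4740, "SubjectUserName": "DC01$", "TargetUserName": "alice"},
    {"EventID": 4732, "SubjectUserName": "helpdesk1", "TargetUserName": "Remote Desktop Users",
     "MemberName": "CN=bob,CN=Users,DC=example,DC=local"},
    {"EventID": 4624, "SubjectUserName": "-", "TargetUserName": "alice"},  # logon, not in scope
]


def classify(event):
    """Map one event to a finding dict, or None if it is not an account/group action."""
    eid = event.get("EventID")
    category = EVENT_CATEGORIES.get(eid)
    if category is None:
        return None
    severity = "info"
    if eid in GROUP_ADD_IDS:
        if event.get("TargetUserName", "").lower() in PRIVILEGED_GROUPS:
            severity, category = "high", "member added to privileged group"
        else:
            severity = "medium"
    elif eid in (4720, 4740):
        severity = "medium"
    return {"severity": severity, "category": category,
            "actor": event.get("SubjectUserName"), "target": event.get("TargetUserName"),
            "member": event.get("MemberName")}


def triage(events, min_severity="info"):
    """Classify events and return findings at or above min_severity, highest first."""
    findings = [f for f in map(classify, events) if f]
    findings = [f for f in findings if SEVERITY_ORDER[f["severity"]] >= SEVERITY_ORDER[min_severity]]
    return sorted(findings, key=lambda f: -SEVERITY_ORDER[f["severity"]])
```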

Use strong passwords or passphrases

For accounts that you sign into regularly, or that you otherwise don’t want to store in a password manager, consider using a passphrase as your password. Passphrases are a combination of random words, for example ‘crystal onion clay pretzel’.

CIS Benchmarks for Windows OS

Security configuration assessment against the CIS benchmarks will highlight, among other things, inadequate Group Policy (GP) settings related to user password policies (password length, complexity, expiry, etc.).

Manage shared accounts

Limit the use of shared accounts and secure any that are used in your business.

Protect your devices and information

Update your software

Regularly updating your software will reduce the chance of a cybercriminal using a known weakness to run malware or hack your device.

Vulnerability Scan

Identify Linux and Windows systems, by OS release, that are missing security patches:

Windows hotfixes not installed:

Detected vulnerabilities by severity:

Use security software

Many small businesses can use Windows Security to protect themselves from viruses and malware. Windows Security is built into Windows 10 and Windows 11 devices and includes free virus and threat protection. You can also use it to turn on ransomware protection features on your device.

CIS Benchmarks for Windows OS — Windows Defender and Advanced Firewall

The Center for Internet Security (CIS) Benchmarks provide detailed security controls to enhance the security posture of various systems and tools, including Windows Defender and Windows Firewall:

  • Ensure ‘Turn on behavior monitoring’ is set to ‘Enabled’: This setting helps to detect and block suspicious behavior by monitoring and reporting on app activities.
  • Ensure ‘Turn on Microsoft Defender Antivirus’ is set to ‘Enabled’: This ensures that Microsoft Defender Antivirus is active and can protect the system against malware.
  • Ensure ‘Turn on real-time protection’ is set to ‘Enabled’: Real-time protection is crucial for detecting and stopping malware as it attempts to install or run on the system.
  • Ensure ‘Turn on network protection’ is set to ‘Enabled’: This feature helps protect against web-based threats by blocking connections to malicious content on the internet.
  • Ensure ‘Turn on Cloud-delivered protection’ is set to ‘Enabled’: Cloud-delivered protection uses up-to-date threat intelligence from Microsoft to protect against the latest threats.
  • Ensure ‘Turn on automatic sample submission’ is set to ‘Enabled’: Automatically submits samples of suspicious files to Microsoft for analysis.
  • Ensure ‘Monitor file and program activity on your computer’ is set to ‘Enabled’: Monitors and logs the activities of files and programs on the system.
  • Ensure ‘Configure detection for potentially unwanted applications’ is set to ‘Enabled’: Detects and blocks potentially unwanted applications (PUAs).

Main Challenges of IT Security Monitoring for SMBs

Limited Resources

  • Budget Constraints: SMBs often have limited budgets, making it challenging to invest in comprehensive security tools and technologies.
  • Staffing Issues: Hiring and retaining skilled cybersecurity professionals can be difficult due to competition with larger enterprises.

Complexity of Threat Landscape

  • Evolving Threats: Cyber threats are constantly evolving, and SMBs may lack the expertise to keep up with the latest threats and vulnerabilities.
  • Variety of Attacks: SMBs are targeted by a wide range of attacks, from phishing and ransomware to insider threats and DDoS attacks.

Regulatory Compliance

  • Compliance Requirements: SMBs must comply with various regulations (e.g., GDPR, HIPAA) that mandate specific security measures, which can be complex and costly to implement.
  • Audits and Penalties: Failure to comply can result in audits, fines, and reputational damage.

Detection and Response Capabilities

  • Limited Detection Tools: SMBs may not have access to advanced threat detection tools and technologies.
  • Slow Response Times: Without a dedicated security team, the response to incidents can be slow, leading to increased damage and recovery time.

Continuous Monitoring

  • 24/7 Monitoring: Continuous monitoring is essential for early threat detection, but SMBs may lack the resources to maintain around-the-clock surveillance.
  • Alert Fatigue: Managing and responding to a high volume of alerts can overwhelm limited IT staff.

Benefits of Relying on MSSPs

Cost-Effectiveness

  • Economies of Scale: MSSPs can provide advanced security services at a lower cost due to their ability to spread costs across multiple clients.
  • Predictable Costs: SMBs can benefit from predictable, subscription-based pricing models.

Access to Expertise

  • Skilled Professionals: MSSPs employ experienced security professionals who stay updated on the latest threats and technologies.
  • Advanced Tools: SMBs gain access to sophisticated security tools and technologies that would be cost-prohibitive to purchase independently.

Improved Threat Detection and Response

  • Proactive Monitoring: MSSPs provide 24/7 monitoring and can detect and respond to threats in real-time.
  • Incident Response: MSSPs have established protocols for incident response, helping to mitigate damage and reduce recovery times.

Regulatory Compliance

  • Compliance Support: MSSPs can help SMBs achieve and maintain compliance with relevant regulations by providing necessary security controls and documentation.
  • Audit Assistance: MSSPs can assist with preparation for audits and help ensure compliance requirements are met.

Focus on Core Business

  • Reduced Burden: By outsourcing security monitoring, SMBs can free up internal resources to focus on their core business activities.
  • Peace of Mind: Knowing that security is managed by experts allows business leaders to concentrate on growth and innovation without constant worry about security threats.

Need Help?

The functionality discussed in this post, and much more, is available via the SOCFortress platform. Let SOCFortress help you and your team keep your infrastructure secure.

Website: https://www.socfortress.co/

Contact Us: https://www.socfortress.co/contact_form.html


SOCFortress

SOCFortress is a SaaS company that unifies Observability, Security Monitoring, Threat Intelligence and Security Orchestration, Automation, and Response (SOAR).