Cybersecurity Advice for Small and Medium Businesses

Raising cybersecurity awareness and sharing SMB information security success stories

Countless studies suggest that the smaller, less-funded, under-staffed, and oftentimes less aware businesses don’t have the means and wherewithal to stand up a cyber defense akin to what their larger cousins do. This is unfortunate, as this segment of the supply chain represents a significant chunk of risk - not just to themselves, but also to their business partners, and therefore, the supply chain as a whole.

The fact that it’s hard for these smaller companies to get a handle on their security posture doesn’t mean something can’t be done to address this risk. That’s where this Small and Medium Business column and webinar series comes in.

ITSPmagazine will be partnering with industry luminaries from around the world who have the first-hand experience and the expertise to help us raise awareness for this massive, underserved group of companies. In addition to raising awareness, we will begin to share stories of success and best practices that will help small- and medium-sized businesses take the first and subsequent steps necessary to address the cyber risks they face - increasing their security posture without breaking the bank.

  Upcoming SMB Cybersecurity Webcasts on ITSP TV

The Full Webcast Series: Your Small Business Will Be Hacked - Because It Is Easy.


10:00 am - 11:00 am PST | 1:00 pm - 2:00 pm EST

Some small and medium sized businesses make the assumption that because they don’t sell their goods or services online, they are not a target for cybercrime. Unfortunately, this is an assumption that is not rooted in reality. Unless the business - and its employees - are completely ‘off the cybergrid,’ so to speak, their connection to the Internet (think e-mail, a presence on social media, and even just a simple website) introduces risk that the business owners should at least be aware of. Sure, as a business owner, choosing to accept the risk is one option for dealing with it, but flat-out ignoring the risk could define the company’s success or failure. Join us for this webcast to learn about the cyber risks associated with your business being connected to the Internet, even if you don’t sell online.


10:00 am - 11:00 am PST | 1:00 pm - 2:00 pm EST

Hacking is not a new concept—it’s been around for as long as humans can remember. With each new technology introduced into society, people and businesses find ways to push it to the edge; getting more done, sometimes in new and exciting ways. Yet, at the same time, cybercriminals and other malicious actors are also pushing these same technologies to their own edge. Most businesses don’t think of the technologies they use in this way. Most only think of the business benefit they will get from their investment. The issue, of course, is that while they are looking at this innocently from their own perspective, cybercriminals are looking for ways to make a buck of their own. History repeats itself, however, and we can—and should—learn from the past. Join us for this webcast as we look back in time to apply the tried-and-true learnings and best practices to today’s business environment.


Episode IV: What is Cyber Security and Cyber Risk? Why Should You Care?
Episode V: How Can You Tell if You've Already Been Hacked?
Episode VI: Cyber Security Basics - Getting Started with Prevention



We are in the process of scheduling the full series of webcasts.

  Recorded SMB Cybersecurity Webcasts on ITSP TV



Join us for a conversation as we begin to peel back the cybersecurity covers to answer these questions:

• What can happen to small businesses during a cyber attack?
• What’s at stake when a breach occurs?
• Why does it have to be so scary and intimidating?

This episode was recorded on January 11, 2018

Enjoy, share it, and let us know if you have any questions that we can answer in the next episodes. 



Join us for this introductory webinar as we discuss:

• Why this topic is so important
• Who should care about this webinar series
• What attendees can expect from this webinar series
• A brief overview of the topics and calendar of events


Sean Martin | CISSP, Founder and Editor-in-Chief, ITSPmagazine

Guest Experts:
Russell Mosley | Director, Infrastructure & Security, Dynaxys
Rusty Sailors | Chairman, Protecting Tomorrow
Tom Caldwell | Senior Director of Engineering at Webroot

Small and medium businesses face countless threats, most of which have a human at their origin. These criminals, driven by financial gain, are essentially business owners – not unlike yourself – who are looking to spend as little money and as few resources as necessary to generate as much revenue as possible. Therefore, most cybercriminals target businesses that have one or more of the following attributes:

  • Employees have access to computers, laptops, company email, POS terminals/tablets, customer service portals and other business resources that collect and/or store business and customer information
  • The budget does not include cybersecurity protection measures
  • The budget has little to nothing allocated for employee awareness training
  • They think they are too small, have no useful information, are off the cybercrime radar, and are therefore not a target

Since most attacks aren’t really targeted in nature, that last point may not be too far off the mark. BUT this doesn’t mean that these businesses are off the hook. On the contrary, it means that it’s as simple as taking candy from a baby to breach an SMB. Why would cybercriminals spend a lot of money going after a Fortune 1,000 when they can spend just a few bucks to crack a small business?

During this live webinar, we explore the types of threats that small and medium businesses face and the business risk associated with these threats. It’s easier to get hacked than you think and it’s just a matter of time before it happens. Will your business be prepared? Are you doing everything you can to protect yourself beforehand?

Knowing that perfection is not possible, our panel of experts will look at 4 key steps that small and medium businesses can take to reach a reasonable level of cybersecurity:

  • How to conduct an analysis in order to determine risk and the need to focus on cybersecurity within your business
  • How to assess the cost of a breach, a loss of information and the impact that a cybersecurity event can have on your customers and partners
  • How to create a plan to protect your systems, information, revenue and customers’ data
  • Best practices for guiding your implementation: from segmentation to employee access control policies to information protection controls

  SMB Cybersecurity Podcasts on ITSP Radio

Avi Bartov, CEO and Co-founder of GamaSec, talks about SMBs' need for prevention, response, and recovery plans.

In this podcast we have a conversation with Avi Bartov, CEO and Co-founder of GamaSec.

From retail shops (online and brick-and-mortar) to local healthcare providers, from accountancies to law firms, from manufacturing and services providers; even the mom-and-pop shop just around the corner... they all need to be cybersafe. They may have different driving forces and a variety of reasons to be secure, but one thing is for sure, they all need to be. 

Let’s learn about the need to offer a 360º approach that includes prevention, response, and recovery. Let’s learn about the cultural differences SMBs possess in the way they approach cybersecurity issues; especially as it changes in different countries. Companies of all sizes - especially those often left behind because they are perceived to be too small or don't have an information security budget worthy of pursuing - need to start looking at cybersecurity not as a cost, but as an investment.

Alex Horan from Onapsis describes the risks small and medium businesses face using cloud-based systems

Many small and medium businesses leverage the cloud to enable their business - and a good number of those companies are using cloud-based ERP systems to operate their business. Moving to the cloud, however, doesn’t mean the risk of a cyberattack is eliminated. Organizations need to recognize that regardless of where the systems are located and how they are being used, they need to be configured properly, updated regularly, and monitored for misuse, abuse, and compromise. Why is this important? Because small and medium businesses face a lot of risk when it comes to security, and are oftentimes paralyzed due to a lack of knowledge… assuming they are even aware of the risk in the first place. During this interview with Alex Horan, Director of Product Management for Onapsis, we discuss the fact that small and medium sized businesses are a target as a category… the risk is real and the results of a successful cyberattack could be catastrophic to their business. Companies may not realize what types of data are sitting in the cloud services they are using, nor what the risks are to that data. Join us for this special SMB series of podcasts, where, in this episode specifically, Horan shares a few tips to help get small businesses off and running.

What makes a business more susceptible to attack? Neill Feather from SiteLock explains.

Websites run the business - and you want yours to be available for good visitors, but how can you tell the good from the bad? To make matters worse, there are a variety of attacks and compromises to consider: it’s not just malware or a denial of service attack that could make or break the business. In fact, based on recent survey data from SiteLock, two-thirds of customers won’t go back to a company whose website had been breached. Feather also suggests that dealing with an attack against a website is very different - and requires very different tools - than an attack resulting in an endpoint compromise. What makes a business more susceptible to attack, you ask? You’ll want to listen to this interview with Neill to find out. He shared his insights on these topics, and more, during his chat with ITSPmagazine's Sean Martin during Black Hat 2017.

William Dixon [Kroll] and Charly Bun [Rapid7] discuss Managed Security Service Providers [MSSPs]

William Dixon from Kroll and Charly Bun from Rapid7 share some of their own horror stories about managed security service providers. What mistakes are made? What things are missed? What should the RFP look like? What are some of the common misconceptions? And… more importantly, how can these learnings be applied to making a better, more informed, decision when it comes to outsourcing security management for your organization?

Michael Schell, the Innovate Pasadena event organizer, eloquently moderates the discussion (as he always does), drawing out interesting questions from the audience and key points from the 2 experts. While originally geared toward the SMBs, this conversation is spot on for companies of all sizes: small, medium, large, and enterprise.

The impact social media can have on businesses, even those 'not online'

Even companies that aren’t running an online business can suffer serious negative effects on their business from their customers that do. In this part 2 of a 3-part series, Paul San Soucie chats with ITSPmagazine's Sean Martin to discuss the impact social media can have on business and how a lack of data integrity can change the direction of a cyber investigation. When it comes to social media as a means to conduct cyber extortion... do you know who your adversaries are?

Will the GDPR be a forcing factor for how companies operate their websites? Chris Olson explains.

GDPR will become a forcing factor for organizations to pay closer attention to how their data is collected, traded, and managed. During Black Hat USA 2017, Debra Farber, host of The Privacy Pact, talks with Chris Olson, CEO of The Media Trust. He suggests that ultimately, GDPR will drive consumer trust in the right direction. Companies can take better control over their data ecosystem, where up to 75% of their web environment is driven by 3rd party code and services.

Travis Smith, Principal Security Researcher at Tripwire, continues his work on My Bro the Elk with SMBs in mind

Travis Smith, Principal Security Researcher at Tripwire, continues his work on My Bro the Elk - working on it in the context of small and medium sized businesses. Sean Martin, ITSPmagazine's editor-in-chief, originally covered this topic with Travis presenting a session during Black Hat 2015. This article ended up being ITSPmagazine’s first on-publication article.

Travis is now focusing on the SMB market as they are a targeted entity and are often underfunded and understaffed. Travis' work with the new My Bro the Elk combines technologies to create insights, and combines them as part of what he calls the "Sweet Security" offering which monitors network traffic while providing protection as well.

During our conversation, Smith also offers some core best practices, including network segmentation, which is handled virtually with the Sweet Security device. Goodness all around from Travis, for sure.

Interested parties can find the application stack, which is absolutely free, at:

Are We Selling - And Therefore Buying - Information Security Wrong?

Rick McElroy from Carbon Black and Ted Harrington from Independent Security Evaluators sit down with ITSPmagazine's Sean Martin to discuss threat modeling, infosec planning, cutting through the marketing noise, the need to trust but verify, the value of assess and measure, and how critical it is to focus on the things that matter.

Small and medium businesses need to view infosec as more than a point-in-time event, says Harry Wan

What are some of the areas where small- and medium-sized businesses think they are doing OK with their cybersecurity program but really aren’t up to snuff? Listen to this podcast with Harry Wan, CTO and Co-Founder of DatumSec, now a Prevalent company, and ITSPmagazine's editor-in-chief, Sean Martin. The two explore whether or not these smaller companies are ready for a ransomware attack. And, what about the possibility of these less-protected companies not only harming their own business, but also putting their business partners at risk? What can they do to raise the bar on their security posture? Harry provides some minimal security best practices that every company should explore, including the option to leverage a managed security services provider (MSSP).

  SMB Cybersecurity Experts Articles on ITSPmagazine

Small Business Cybersecurity Awareness and SMB InfoSec Education Series
Expert InfoSec Webinars and Webcasts | Cybersecurity Podcasts | Information Security Articles