Cyverity

Get Started

Community-Powered Risk Management: Tools for Small Businesses

Young confident man with papers sitting in front of laptop

Speaker: James Tarala
Event: SANS Webcast
Date: January 24, 2025
Watch on YouTube: https://www.youtube.com/watch?v=Boa6EYYKV84 

Introduction 

In today’s digital landscape, small businesses face an increasing number of cybersecurity threats. Unlike large enterprises, these organizations often lack the resources, personnel, and expertise to build robust security programs. In this webcast, James Tarala, a senior faculty member at SANS, shares practical tools and strategies to help small businesses implement effective risk management frameworks. Tarala’s insights offer guidance for both cybersecurity professionals advising small businesses and business owners looking to protect their organizations from cyber threats. 

 

Key Takeaways 

  • Cybersecurity for Small Businesses is Essential: Small businesses often struggle with limited resources but must still prioritize security to protect their operations and customer data. 
  • Cloud-Based Solutions Provide Cost-Effective Security: Leveraging cloud-native tools can streamline cybersecurity efforts and reduce the burden on small IT teams. 
  • A Defined Cybersecurity Strategy is Key: Businesses must establish a clear philosophy for managing security risks and carefully select trusted advisors to help them navigate the complexities of cybersecurity. 
  • Actionable Steps to Improve Security: From endpoint detection and response (EDR) to multi-factor authentication (MFA), small businesses can implement essential safeguards to protect their data and systems. 
  • Regular Assessments Strengthen Security Posture: Businesses should perform periodic security assessments to evaluate their effectiveness and adjust their strategies accordingly. 


Summary of the Discussion 

The Challenges Facing Small Businesses 

James Tarala highlights the unique challenges small businesses face when it comes to cybersecurity. Unlike large enterprises with dedicated security teams, small businesses must often make do with limited staff and financial resources. This makes it difficult to implement comprehensive security measures and stay ahead of emerging threats. Additionally, the vast number of cybersecurity solutions available can create confusion about which investments provide the most value. 

 

The Importance of Trusted Cybersecurity Advisors 

Many small businesses rely on informal IT support, such as friends, relatives, or break-fix computer shops, to manage their cybersecurity needs. However, James Tarala warns that cybersecurity requires specialized expertise and should not be left to general IT professionals without the necessary experience. Instead, businesses should partner with managed service providers (MSPs) or managed security service providers (MSSPs) to ensure they receive expert guidance and support. 

 

Implementing Cloud-Based Security Solutions 

One of the most effective ways small businesses can improve their cybersecurity posture is by adopting cloud-native security solutions. These platforms allow businesses to offload complex security tasks to specialized providers, reducing the need for in-house expertise. JamesTarala recommends choosing a core ecosystem—such as Microsoft 365 or Google Workspace—as the foundation for business operations and layering additional security measures on top of it. 

 

Essential Cybersecurity Safeguards for Small Businesses 

James Tarala provides a prioritized list of cybersecurity measures that small businesses should implement to enhance their security: 

  1. Endpoint Detection and Response (EDR): Deploying EDR solutions helps detect and respond to security threats on endpoints like laptops and servers. 
  2. Patching and Software Updates: Keeping applications and operating systems up to date minimizes vulnerabilities that cybercriminals can exploit. 
  3. Multi-Factor Authentication (MFA): Implementing MFA reduces the risk of unauthorized access to business accounts and systems. 
  4. Limiting Administrative Privileges: Restricting administrative access minimizes the risk of insider threats and accidental security misconfigurations. 
  5. Application Control: Using whitelisting solutions ensures that only approved applications can run on business systems, reducing the risk of malware infections. 
  6. Automated Backups with Immutable Storage: Regular, automated backups ensure that businesses can recover data in the event of a cyberattack or system failure. 

 

The Role of Cybersecurity Governance 

Governance is an often-overlooked aspect of small business cybersecurity. Tarala introduces a streamlined governance framework that aligns with the Cybersecurity Risk Foundation’s (CRF) seven-step model: 

  1. Initiate: Secure leadership buy-in and define cybersecurity goals. 
  2. Inventory: Identify and document all digital assets and data. 
  3. Select: Choose the most appropriate security measures for the business’s needs. 
  4. Educate: Train employees on cybersecurity best practices and policies. 
  5. Implement: Deploy security measures and integrate them into daily operations. 
  6. Validate: Perform periodic security assessments to measure effectiveness. 
  7. Communicate: Share security findings with stakeholders to ensure continuous improvement. 

 

Actionable Insights 

  • Small businesses should avoid maintaining their own on-premises servers and instead utilize cloud services for security and efficiency. 
  • Third-party cybersecurity advisors can provide valuable guidance, but businesses should vet them carefully to ensure they have the necessary expertise. 
  • Regular self-assessments and third-party audits help businesses maintain a strong security posture. 
  • Investing in foundational security controls, such as EDR and MFA, provides significant protection against common cyber threats. 
  • A clear and simple cybersecurity roadmap, such as the CRF model, helps small businesses implement effective security strategies without overwhelming complexity. 

 

Conclusion 

Cybersecurity is a critical concern for small businesses, but with the right approach, they can implement effective security measures without overextending their resources. By leveraging cloud-based solutions, partnering with trusted advisors, and following a structured security framework, small businesses can significantly reduce their risk exposure. Tarala’s insights provide a practical roadmap for businesses looking to strengthen their cybersecurity posture and build resilience against cyber threats. 

 

For more insights on this topic, watch the full webcast here.