Listed here are security solutions for small businesses. Note: MEI Security takes no responsibility for your use or lack of use of any of these items. Do your own research. Please feel free to comment on this page, and we will update the listing as we see appropriate.
More Resources for Small and Medium Sized Businesses
Following is a list of resources that may be helpful for businesses interested in reducing their risk.
- https://www.staysafeonline.org/ncsam/resources/workplace-security-risk-calculator
- https://www.us-cert.gov/ncas/tips/ST05-007
- http://www.dhs.gov/sites/default/files/publications/FCC%20Cybersecurity%20Planning%20Guide.pdf
| Category | PREVENT | DETECT | REACT | $0 DIY (XS) | $100 Bronze (S) | $1,000 Silver (M) |
|---|---|---|---|---|---|---|
| Disclaimer | X | MEI Security takes no responsibility for anything related to your use or lack of use of any items mentioned herein. | MEI Security takes no responsibility for anything related to your use or lack of use of any items mentioned herein. | MEI Security takes no responsibility for anything related to your use or lack of use of any items mentioned herein. | ||
| Hardware Inventory | X | Paper+pen or spreadsheet, Opmantek OpenAudit | Upgrade Opmantek, SIEM | |||
| Patching O/S | X | Vendor sites | Vendor | |||
| Patching Applications | X | Avast Software Updater SUMo |
Vendor | |||
| Lock Network Access | X | Change Wireless Password | NAC | |||
| BYOD | X | Two A/P's. Change Passwds or Single AP with true guest mode |
NAC+ | |||
| Network Segmentation | X | Subnets for clients v Servers v Printers | Firewalls to enforce subnets | |||
| Password Hygiene | X | Manual: Simple Seasonal Six | ||||
| Security Plan | X | X | X | https://www.fcc.gov/cyberplanner | Engage Consultant | |
| Antivirus | X | X | Comodo | |||
| DNS Filtering | X | X | Comodo, Norton ConnectSafe, GreenTeamDNS, ... : Filter Malware | OpenDNS, Dyn : Custom Filtering, remove adult content, gambling | ||
| Web Filtering | X | X | X | Squid Proxy : caching and filtering | Bluecoat, Websense | |
| Disk Encryption | X | Native(Bitlocker,OSX,LUKS), Veracrypt | ||||
| SPAM Prevention | X | ISP/Mail client/Junk Settings FRAMS |
||||
| User Education | X | X | X | "Water cooler" discussions, SANS SecuringTheHuman | Learning Lunches | Online Training |
| Policies/Procedures | X | X | X | SANS reading room "building security policy" | ||
| Security Assessments | X | SANS reading room "Risk Assessment" | ||||
| Brand Alerts | X | Google Alerts by Site (pastebin, stack overflow) | ||||
| Status Pages | X | X | DIY + free | For Pay | ||
| External Scanning | X | Greenbone/OpenVAS, ZAP | Qualys, Nessus | |||
| SIEM | X | X | X | OSSIM | AlienVault, QRadar | |
| Internal Scanning | X | Greenbone/OpenVAS, ZAP | Qualys, Nessus | |||
| Pen Testing | X | SANS reading room "Penetration testing" NOTE: non-trivial time, experience, trial/error required to be good at this | ||||
| Backup/Restore | X | USB Drive (ENCRYPTED) | Multiple USB Drives (ENCRYPTED) | Encrypted off-site, live | ||
| Asset Recovery | X | Prey Project | Prey Project+ | |||
| Ransomware | X | X | CyberReason's RansomFree, BitDefender tool |