
Small Business, Big Security Problem

January 30, 2017

Are you a small business owner or partner? Have you been watching the news, or had to deal with the recent plethora of cybersecurity issues, from ransomware to phishing? Well, you’re not alone. Considering that over 99% of all businesses in the United States are classified as small to medium, it is no wonder the problem is trickling down from enterprise businesses. The simple reality is that no business, of any size, is immune from a cyber attack. The question really becomes: what can a small business do to protect itself with the resources it has and still be cost effective? It’s a big-time security problem for small businesses that may not be capable (financially or in terms of expertise) of tackling the problem. So if you feel you are in this situation, please read on.

First, Limit Your Exposure

The most important thing to learn about cyber security when running a small business is to limit your exposure. This is analogous to locking the front door of your business after hours, setting your alarm system, and not leaving your keys in the truck. It also implies that you keep backups of key files and sensitive information, just like photocopying papers for your accountant or local government. If you consider all of the physical things you do to protect your business, you will realize that there are electronic equivalents for almost all of them that can be incorporated into your business on a daily basis with minimal to no impact. Consider these examples:
  • Locking your doors. This is equivalent to having passwords on all accounts and different keys for different systems. You do not want the front door key of your business to also open your safe!
  • Having different alarm codes per person. If you are using the same alarm code for all employees, consider assigning a unique one per person. This allows you to track who is entering the code and is equivalent to having unique usernames and passwords per employee to access resources.
  • Can anyone write a check from your business? The simple answer should be no. So why would you allow all employees administrative access to information technology assets? If you do, they can make any changes to your computing environment and potentially to any system, even the ones that write checks.
  • Do you send your cars and trucks in for maintenance? If your business has a fleet of vehicles, you probably do. Even the worst taxi cabs need new tires and an oil change from time to time. So why not perform maintenance on your computers? The equivalent is allowing Adobe, Oracle, Windows, etc. to perform automatic security updates so that vulnerabilities do not become a liability like bald tires.

Recommendations

So, what kind of technology can help your small business rein in these security problems? BeyondTrust has a few best-of-breed solutions that can help at an affordable price point:

  1) Scan your systems for vulnerabilities or missing patches with Retina Network Security Scanner. This solution provides small and medium sized businesses an efficient vulnerability assessment solution that can identify missing security patches and vulnerabilities on your systems. It has a built-in reporting solution that recommends how to fix discovered vulnerabilities and provides guidance on any network-enabled device, wired or wireless. It provides the maintenance your computing devices need to make sure they operate with the best security posture.
  2) Scan your public-facing internet sites for flaws and weaknesses with BeyondSaaS. BeyondTrust provides cloud-based vulnerability assessment based on Retina to assess all your public-facing Internet assets for vulnerabilities and web application flaws. This service can target any device on the Internet that your small or medium size business owns, and it provides prescriptive guidance on how to fix any flaws that might otherwise be exploited through the Internet.
  3) Remove the “keys to the kingdom” from your employees with PowerBroker for Windows. Removing administrator rights from your computers might leave some applications unusable or users unable to perform critical tasks. PowerBroker for Windows allows users to execute applications with administrative permissions without ever providing them the password. In addition, it can perform the same tasks for operating system functions like adding printers or changing the clock. It helps protect assets by securing administrative rights and making sure users do not have “the keys to the kingdom.”
  4) Store your secret passwords with PowerBroker Password Safe. Storing passwords and rotating them on a regular basis is a daunting task for small and medium size businesses. Remembering the new password, all the locations, and informing staff is a proverbial pain. PowerBroker Password Safe can perform all these tasks and more to ensure insecure passwords, and their usage, are properly maintained.
  5) Remove access to business-critical systems, like payment processing or accounting, with PowerBroker Sudo. If your small or medium size business uses Unix or Linux, how do you manage root, sudo, and privileged accounts across all systems? Just like PowerBroker for Windows, PowerBroker Sudo can help manage administrative rights on non-Windows systems. In addition, as your business grows, migration to its big brother, PowerBroker for Unix & Linux, can completely remove administrative rights and delegate the specific tasks needed for any system and application.

Managing cyber security in your small business does not need to be a big problem. All you need to do is think about how you manage security today and translate the topics from your daily practices to the electronic world. Once you do, BeyondTrust has solutions that can make the transition easy, affordable, and painless. For more information on how we can help your small business, contact us today. In the meantime, download our free privileged account scanning tool, Privilege DART. It will quickly scan your network and tell you where you may have some weaknesses. Try it!

Morey J. Haber

Chief Technology Officer and Chief Information Security Officer at BeyondTrust

Morey J. Haber is Chief Technology Officer and Chief Information Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four Apress books: Privileged Attack Vectors (2 Editions), Asset Attack Vectors, and Identity Attack Vectors. In 2018, Bomgar acquired BeyondTrust and retained the BeyondTrust name. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. Morey currently oversees BeyondTrust strategy for privileged access management and remote access solutions. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.
