NEW: Microsoft Vulnerabilities Report 2022 - Read the Findings of Our Annual Report Read Now

  • Partners
  • Support
  • Careers
  • English
    • Deutsch
    • français
    • español
    • 한국어
    • português
BeyondTrust
  • Products

    Privileged Password Management

    Discover, manage, audit, and monitor privileged accounts and credentials.

    • Password Safe
    • DevOps Secrets Safe
    • Privileged Access Discovery Application

    Endpoint Privilege Management

    Enforce least privilege across Windows, Mac, Linux, and Unix endpoints.

    • Windows and Mac
    • Unix and Linux
    • Active Directory Bridge

    Secure Remote Access

    Centrally manage remote access for service desks, vendors, and operators.

    • Remote Support
    • Privileged Remote Access
    • Privileged Access Discovery Application

    Cloud Security Management

    Automate the management of identities and assets across your multicloud footprint.

    • Cloud Privilege Broker

    BeyondInsight

    Experience the industry’s most innovative, comprehensive platform for privileged access management.

  • Solutions

    Use Cases

    • Cloud Security
    • Compliance
    • Cyber Insurance
    • Digital Transformation
    • Endpoint Security
    • Operational Technology
    • Ransomware
    • Service Desk Efficiency
    • Zero Trust

    Industry Applications

    • Financial Services
    • Government Agencies
    • Healthcare
    • Law Enforcement
    • Manufacturing
    • Schools & Universities

    Solutions

    The BeyondTrust Privileged Access Management portfolio is an integrated solution that provides visibility and control over all privileged accounts and users.

  • Resources

    Learn

    • Blog
    • Customer Stories
    • Competitor Comparisons
    • Datasheets
    • Demos
    • Glossary
    • Podcast
    • Whitepapers

    Attend

    • Events
    • Go Beyond
    • Training
    • Webinars

    Support

    • Changelog
    • Professional Services
    • Technical Documentation

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

  • Company
    • About
    • Leadership
    • Core Values
    • Partners
    • Careers
  • Watch Demo
  • Contact Sales

Small Business, Big Security Problem

January 30, 2017

  • Blog
  • Archive
Small Business, Big Security Problem Are you a small business owner or partner? Have you have been watching the news or had to deal with the recent plethora of cybersecurity issues from ransomware to phishing? Well, you’re not alone. Considering over 99% of all businesses in the United States are classified as small to medium it is no wonder the problem is trickling down from enterprise businesses. The simple reality is that no business – of any size – is immune from a cyber attack. The question really becomes, What can a small business due to protect themselves with the resources they have and still be cost effective? It’s a big time security problem for small businesses that may not be capable (financially or in terms of expertise) to tackle the problem. So if you feel you are in this situation, please read on.

First, Limit Your Exposure

The most important thing to learn about cyber security when running a small business is to limit your exposure. This is analogous to locking the front door on your business after hours, setting your alarm system, and not leaving your keys in the truck. It also implies that you keep backups of key files and sensitive information just like photocopying papers for your accountant or local government. If you consider all of the physical things you do to protect your business, you will realize that there are electronic equivalents for almost all of them that can be incorporated into your business on a daily basis with minimal to no impact. Consider these for example.
  • Locking your doors. This is equivalent to having passwords on all accounts and different keys for different systems. You do not want the front door key of your business to also open your safe!
  • Having different alarm codes per person. If you are using the same alarm code for all employees, consider assigning a unique one per person. This allows you to track who is entering the code and is equivalent to having unique usernames and passwords per employee to access resources.
  • Can anyone write a check from your business? The simple answer should be no. So why would you allow administrative access from all employees to information technology assets? If you do, this would allow them to make any changes to your computing environment and potentially any system; even the ones that write checks.
  • Do you send your cars and trucks in for maintenance? If your business has a fleet of vehicles, you probably do. Even the worst taxi cabs need new tires and an oil change from time to time. So why not perform maintenance on your computers? This is allowing Adobe, Oracle, Windows, etc. to perform automatic security updates to ensure that vulnerabilities do not become a liability like bald tires.

Recommendations

So, what kind of technology can help your small business reign in these security problems? BeyondTrust has a few solutions that are best of breed that can help at an affordable price point: 1) Scan your systems for vulnerabilities or missing patches with Retina Network Security Scanner. This solution provides small and medium sized businesses an efficient vulnerability assessment solution that can identify missing security patches and vulnerabilities on your systems. It has a built-in reporting solution that recommends how to fix discovered vulnerabilities and provides guidance on any network enabled device; wired or wireless. It provides the maintenance your computing devices need to make sure they operate with the best security posture. 2) Scan your public-facing internet sites for flaws and weaknesses with BeyondSaaS. BeyondTrust provides cloud based vulnerability assessment based on Retina to assess all your public facing Internet assets for vulnerabilities and web application flaws. This service can target any device on the Internet your small or medium size business owns and provides prescriptive guidance on how to fix any flaws that might otherwise be exploited through the Internet. 3) Remove the “keys to the kingdom” from your employees with PowerBroker for Windows. Removing administrator rights from your computers might leave some applications usable or users able to perform critical tasks. PowerBroker for Windows allows users to execute applications with administrative permissions without ever providing them the password. In addition, it can perform the same tasks for operating system functions like adding printers or changing the clock. It helps protect assets by securing administrative rights and making sure users do not have “the keys to the kingdom.” 4) Store your secret passwords with PowerBroker Password Safe. Storing passwords and rotating them on a regular basis is a daunting task for small and medium size businesses. Remembering the new password, all the locations, and informing staff is a proverbial pain. PowerBroker Password Safe can perform all these tasks and more to ensure insecure passwords, and their usage, are properly maintained. 5) Remove access to business-critical systems, like payment processing or accounting with PowerBroker Sudo. If your small or medium size business uses Unix or Linux, how do you manage root, sudo, and privileged accounts across all systems? Just like PowerBroker for Windows, PowerBroker Sudo can help manage administrative rights on non-Windows systems. In addition, as your business grows, migration to its big brother, PowerBroker for Unix & Linux, can completely remove administrative rights and delegate the specific tasks needed for any system and application. Managing cyber security in your small business does not need to be a big problem. All you need to do is think about how you manage security today and translate the topics from your daily practices to the electronic world. Once you do, BeyondTrust has solutions that can make the transition easy, affordable, and painless. For more information on how we can help your small business, contact us today. In the meantime, download our free privileged account scanning tool, Privilege DART. It will quickly scan your network and tell you where you may have some weaknesses. Try it!
Photograph of Morey J. Haber

Morey J. Haber, Chief Security Officer, BeyondTrust

Morey J. Haber is the Chief Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored three books: Privileged Attack Vectors, Asset Attack Vectors, and Identity Attack Vectors. He is a founding member of the industry group Transparency in Cyber, and in 2020 was elected to the Identity Defined Security Alliance (IDSA) Executive Advisory Board. Morey currently oversees BeyondTrust security and governance for corporate and cloud based solutions and regularly consults for global periodicals and media. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition where he served as a Product Owner and Solutions Engineer since 2004. Prior to eEye, he was Beta Development Manager for Computer Associates, Inc. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

Microsoft Vulnerabilities Report 2022

Whitepapers

Cybersecurity Insurance Checklist

Whitepapers

Privileged Access Management: PAM Checklist

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support
  • Cloud Privilege Broker

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Podcast
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press
BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2022 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.