What five or six things would you recommend the average non-tech specialist, busy, cash-strapped small business do to improve its security? Rough order of importance.
Boosts appreciated!
@Darrenpauli Ooooh good question! Mine would be:
A subscription to a good password manager (ideally one that also allows shared 2FA keys in the vault like 1Password) - top by quite some way.
Other than that:
ESET antivirus license keys / hardware FIDO-compatible 2FA keys (e.g. YubiKey) with NFC for anyone who accesses customer data regularly across multiple devices / Good quality laptop backpack for anyone taking devices outside of the office / Kensington-compatible locks for laptops/POS systems in a customer-facing environment
@Darrenpauli focus on config. SSO or password mgr, MFA + basic device hygiene. The best money spent would be a health check for config of office productivity and accounting software, and review of payments process.

@Darrenpauli password manager across the company for all employees at number 1 with a bullet.

And here’s where my expertise wanes a bit, but…

Some level of cyber awareness training for employees - helping individuals understand the basics and that it’s everyone’s job.

A pentest of sorts to help identify and prioritise risks (although I take the point from your previous toot about snake oil from vendors on this one).

That’s all I got at this stage. It’s late.

@Darrenpauli

1. Run accounts on paper and use chequebooks