Boost Your Small Business’s Information Security with this “High Yield Affordable Five”:

Five Security Tactics that don’t break the bank:

In today’s digital age, securing your small business against cyber threats is paramount. Small businesses are often targeted by cybercriminals due to perceived vulnerabilities. A comprehensive IT Risk Assessment and Discovery is appropriate. However – if you want to make rapid, tangible progress, there are many ‘high-yield’ yet affordable measures you can take to bolster your information security. Here are five simple tactics to enhance your business’s cybersecurity. We’re here to help you understand them, and help you implement them:

1. Staff Training and Behavior Management – It's a recurring process, NOT a single event.

The first line of defense against cyber threats is proper training of your staff. Email phishing is by far the most common attack vector for cybercriminals, so implementing comprehensive Internet Security Awareness Training (ISAT) can significantly reduce the risk of human error, which is a major factor in most security breaches. Leading ISAT tools such as KnowBe4, BullPhish ID, and Cofense can be deployed to educate employees and to test, on a recurring basis, how effective they are at identifying AND reporting phishing emails and other suspicious activity. Periodic training sessions and phishing simulations keep security awareness top of mind and foster a culture of vigilance. Encourage a security-first mindset where employees feel responsible for protecting company data. If you don't train, test and correct the email-related behaviors that create risk, your staff will eventually fail you, and the fault will lie with you and your management team.

2. Geo-Blocking – Not doing business in Russia or China? Then don’t give them access to your systems.

Geo-blocking is an effective method to prevent unauthorized access to your network from regions where you don't conduct business. By blocking IP addresses assigned to countries that pose a higher risk of cyber attacks, you reduce your exposed attack surface. This measure is particularly useful for thwarting automated attacks and reducing spam. Many modern firewalls and security products offer geo-blocking features that are easy to configure and manage, making this a simple yet powerful tool in your security arsenal. Two caveats: a determined attacker can route through a VPN or a cloud server in a country you allow, so geo-blocking cuts the noise rather than closing the door; and before enabling it, list the countries your staff travel to and where your SaaS providers host, and keep explicit exceptions for them so legitimate traffic isn't dropped.
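The decision logic a firewall applies when geo-blocking, written out so you can see where the exceptions fit. This is an added Python example, not code from the original post or from any firewall vendor. The GeoIP table, the country codes, the blocked-country list, the override prefix and the log lines are all constructed for illustration (the prefixes are documentation ranges, not real country allocations); a real deployment uses the firewall's GeoIP feed.

```python
import ipaddress

# Constructed GeoIP table for this example only. The prefixes are RFC 5737 /
# RFC 3849 documentation ranges and the country codes are invented.
GEOIP_TABLE = [
    (ipaddress.ip_network("203.0.113.0/24"), "RU"),
    (ipaddress.ip_network("198.51.100.0/24"), "CN"),
    (ipaddress.ip_network("198.51.100.128/25"), "SG"),  # more specific prefix wins
    (ipaddress.ip_network("192.0.2.0/24"), "US"),
    (ipaddress.ip_network("2001:db8:1::/48"), "CN"),
    (ipaddress.ip_network("2001:db8:2::/48"), "US"),
]

# Countries this hypothetical business never does business with.
BLOCKED_COUNTRIES = {"RU", "CN"}

# Explicit exceptions that override the country block, e.g. a partner's VPN
# endpoint that happens to sit inside a blocked country. Hypothetical prefix.
ALLOW_OVERRIDES = [ipaddress.ip_network("198.51.100.44/32")]


def lookup_country(ip):
    """Longest-prefix match of ip against GEOIP_TABLE; None if no prefix covers it."""
    best = None
    for net, cc in GEOIP_TABLE:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, cc)
    return best[1] if best else None


def geo_decision(ip_str):
    """Return (action, reason) for a connecting address.

    action is "allow" or "deny". Unparseable input is denied outright.
    An address with no country match is allowed, because geo-blocking is a
    deny-list: an unknown address is not evidence of a blocked region.
    """
    try:
        ip = ipaddress.ip_address(ip_str.strip())
    except ValueError:
        return ("deny", "invalid")
    if any(ip in net for net in ALLOW_OVERRIDES):   # exceptions checked first
        return ("allow", "override")
    cc = lookup_country(ip)
    if cc is None:
        return ("allow", "geo:unknown")
    if cc in BLOCKED_COUNTRIES:
        return ("deny", f"geo:{cc}")
    return ("allow", f"geo:{cc}")


def summarize(log_lines):
    """Apply geo_decision to '<timestamp> <ip>' log lines; return counts and denies by reason."""
    counts = {"allow": 0, "deny": 0}
    denied_by_reason = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) < 2:
            continue
        action, reason = geo_decision(parts[1])
        counts[action] += 1
        if action == "deny":
            denied_by_reason[reason] = denied_by_reason.get(reason, 0) + 1
    return counts, denied_by_reason


# Constructed sample of connection-log lines.
SAMPLE_LOG = [
    "2024-05-01T08:00:01 203.0.113.7",
    "2024-05-01T08:00:02 192.0.2.10",
    "2024-05-01T08:00:03 198.51.100.5",
    "2024-05-01T08:00:04 198.51.100.44",
    "2024-05-01T08:00:05 2001:db8:1::5",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(line, "->", geo_decision(line.split()[1]))
    print(summarize(SAMPLE_LOG))
```

Review the deny counts by reason after a week in monitor mode before switching the rule to enforce; a country that shows up only in your own staff's VPN traffic belongs in the override list, not the block list.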

3. Proper Domain Name System (DNS) Setup with DKIM, DMARC, and SPF – Sign your mail, publish who may send it, and reject email that doesn't belong.

Email spoofing and phishing are common tactics used by cybercriminals to trick recipients into divulging sensitive information, and MSPs that don't set up proper mail authentication and handling are all too common. You've likely heard of the Domain Name System (DNS). For email, DNS is where you publish the records that tell other mail servers which senders are allowed to use your domain, how your mail is signed, and what to do with mail that fails those checks. Email authentication is built on a small set of DNS-published standards; three of them are long-standing and very important. They are:

1) DKIM (DomainKeys Identified Mail): your mail server signs each outbound message with a private key, and the matching public key is published in DNS so receivers can verify that the message came from a server holding your key and was not altered in transit. DKIM signs mail; it does not encrypt it.
2) SPF (Sender Policy Framework): a DNS record listing the servers and services authorized to send mail for your domain (e.g., Office 365, Salesforce).
3) DMARC (Domain-based Message Authentication, Reporting, and Conformance): a DNS record that tells receivers what to do with mail claiming to be from your domain that fails both SPF and DKIM alignment (none, quarantine or reject), and where to send aggregate reports.

These protocols let receiving mail servers verify that a message genuinely originates from your domain, which prevents malicious actors from impersonating your business to your customers and to your own staff. Properly setting up these records enhances email security, reduces your exposure to phishing and spoofing, and accordingly preserves your company's reputation. Roll DMARC out in stages: publish p=none first and read the aggregate reports to find legitimate senders you forgot, then move to quarantine and finally to reject.
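How a receiving mail server combines the three records, as an added Python example (not code from the original post or from any mail provider). It evaluates a simplified SPF record (ip4, ip6, include and all terms only, with the RFC 7208 ten-lookup limit), parses a DMARC record, applies relaxed or strict alignment, and returns the disposition. The DNS zone, domains and messages are constructed for illustration; the include target is invented and is not any real provider's record. DKIM signature verification itself is assumed to have been done by the receiver's verifier and is passed in as a (signing domain, verified) pair; organizational-domain lookup is simplified to the last two labels instead of the Public Suffix List.

```python
import ipaddress

# Constructed DNS zone for this example. All names are placeholders.
DNS_TXT = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 include:spf.mailprovider.example -all"],
    "spf.mailprovider.example": ["v=spf1 ip4:198.51.100.0/24 ip6:2001:db8::/32 -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; adkim=r; aspf=r; rua=mailto:dmarc@example.com"],
    "examp1e.com": ["v=spf1 ip4:203.0.113.50 -all"],      # attacker's lookalike domain
    "loop.example": ["v=spf1 include:loop.example -all"],  # misconfigured, includes itself
}

SPF_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(ip, domain, dns=DNS_TXT, lookups=None):
    """Evaluate `domain`'s SPF record for the connecting `ip`.

    Models ip4, ip6, include and all; a/mx/ptr/exists yield permerror and
    modifiers (redirect=, exp=) are skipped. `lookups` counts DNS-querying
    terms across recursion to enforce the 10-lookup limit and stop loops.
    """
    lookups = [0] if lookups is None else lookups
    records = [r for r in dns.get(domain, []) if r.startswith("v=spf1")]
    if not records:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        if "=" in term:
            continue
        qualifier, term = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            lookups[0] += 1
            if lookups[0] > 10:
                return "permerror"
            sub = spf_check(ip, arg, dns, lookups)
            if sub == "permerror":
                return "permerror"
            matched = sub == "pass"
        else:
            return "permerror"
        if matched:
            return SPF_RESULT[qualifier]
    return "neutral"


def parse_dmarc(domain, dns=DNS_TXT):
    """Return the tag dict of _dmarc.<domain>, or None if no DMARC record exists."""
    for rec in dns.get("_dmarc." + domain, []):
        if rec.startswith("v=DMARC1"):
            tags = {}
            for part in rec.split(";"):
                key, _, value = part.strip().partition("=")
                if key:
                    tags[key.strip()] = value.strip()
            return tags
    return None


def org_domain(domain):
    # Simplification: real DMARC uses the Public Suffix List.
    return ".".join(domain.lower().split(".")[-2:])


def aligned(candidate, from_domain, mode):
    """Strict (s) needs an exact match; relaxed (r) needs the same organizational domain."""
    if mode == "s":
        return candidate.lower() == from_domain.lower()
    return org_domain(candidate) == org_domain(from_domain)


def dmarc_evaluate(msg, dns=DNS_TXT):
    """msg keys: from_domain (RFC5322.From), envelope_from_domain (RFC5321.MailFrom),
    source_ip, dkim: list of (d= domain, verified) pairs from the DKIM verifier.
    Returns (dmarc_result, disposition)."""
    from_dom = msg["from_domain"]
    policy = parse_dmarc(from_dom, dns) or parse_dmarc(org_domain(from_dom), dns)
    if policy is None:
        return ("none", "deliver")
    spf_ok = (spf_check(msg["source_ip"], msg["envelope_from_domain"], dns) == "pass"
              and aligned(msg["envelope_from_domain"], from_dom, policy.get("aspf", "r")))
    dkim_ok = any(ok and aligned(d, from_dom, policy.get("adkim", "r"))
                  for d, ok in msg.get("dkim", []))
    if spf_ok or dkim_ok:
        return ("pass", "deliver")
    disposition = {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}
    return ("fail", disposition[policy.get("p", "none")])


if __name__ == "__main__":
    spoof = {"from_domain": "example.com", "envelope_from_domain": "examp1e.com",
             "source_ip": "203.0.113.50", "dkim": [("examp1e.com", True)]}
    print(dmarc_evaluate(spoof))  # SPF and DKIM both pass, neither aligns: reject
```

The lookalike case is the one worth studying: the attacker's examp1e.com has perfectly valid SPF and DKIM, but neither identifier aligns with the From domain, so the example.com policy still rejects it. That alignment check is what DMARC adds over SPF and DKIM alone.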

4. External Mail Notification Header – It's free from Microsoft. It's been around since 2021, and takes minutes to implement.

Adding an external mail notification to incoming email alerts employees when a message originates from outside your organization. This simple step acts as a warning flag for potential phishing attempts. When external emails are clearly marked, employees are more likely to scrutinize the content for signs of malicious intent, reducing the likelihood of falling victim to scams. Combined with regular security awareness training, this measure can significantly mitigate email-based threats. Cybercriminals often send mail soliciting data or money from a domain that looks nearly identical to the domain of the organization they are targeting, and a human eye can miss the difference. Microsoft's external sender tagging in Outlook checks objectively whether the mail came from an external domain and alerts the recipient accordingly; on other mail platforms a transport rule that prepends a banner or subject tag achieves the same effect.

5. Air-Gapped Backup – Keep a redundant ‘off-line back-up’, as you can never be 100% sure your data is safe.

Data loss can be catastrophic for any business. A robust backup strategy is critical, and an 'air-gapped' backup is one of the most secure methods available. An air-gapped backup is physically disconnected from your network, so an attacker who has compromised your primary systems, or ransomware running on them, cannot reach it to encrypt or delete it. Updating these backups regularly and storing them off-site ensures that you can quickly recover essential data after a ransomware attack or other disaster. This practice not only safeguards your data but also ensures business continuity. Please engage your technical team to confirm that the necessary information is actually being copied to the backup, and test a restore on a schedule: a backup you have never restored from is an assumption, not a safeguard.
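One way your technical team can prove that the offline copy is complete and intact, as an added Python example that is not part of the original post. It builds a manifest of SHA-256 hashes of the live data at backup time, stores the manifest with the offline copy, and later verifies a restore (or the damaged live tree) against it, reporting missing, modified and extra files plus a list of files the business has declared must be present. The directory tree, file contents and required-file list are constructed inside a temporary directory for illustration; no real backup software is involved.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path):
    """Stream a file through SHA-256 so large backups don't need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file's path (relative to root, POSIX form) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest, restored_root, required=()):
    """Compare a restored (or current) tree to the manifest taken at backup time.

    required: relative paths the business says must exist for a usable recovery,
    checked separately so a missing critical file is flagged even if the
    manifest itself was taken from an already-incomplete copy.
    """
    current = build_manifest(restored_root)
    missing = sorted(set(manifest) - set(current))
    modified = sorted(k for k in manifest if k in current and current[k] != manifest[k])
    extra = sorted(set(current) - set(manifest))
    missing_required = sorted(r for r in required if r not in current)
    return {
        "ok": not missing and not modified and not missing_required,
        "missing": missing,
        "modified": modified,
        "extra": extra,
        "missing_required": missing_required,
    }


def demo():
    """Constructed scenario: back up a small tree, then simulate ransomware on the live copy."""
    required = ["finance/ledger.csv"]
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        (live / "finance").mkdir(parents=True)
        (live / "finance" / "ledger.csv").write_text("date,amount\n2024-05-01,1200\n")
        (live / "notes.txt").write_text("call the accountant on Friday\n")

        manifest = build_manifest(live)             # taken at backup time
        offline = Path(tmp) / "offline_copy"
        shutil.copytree(live, offline)              # stands in for the air-gapped medium
        clean = verify_restore(manifest, offline, required)

        # Simulate ransomware on the primary systems: one file encrypted, one deleted.
        (live / "finance" / "ledger.csv").write_bytes(b"\x00\xffENCRYPTED")
        (live / "notes.txt").unlink()
        damaged = verify_restore(manifest, live, required)
        return clean, damaged


if __name__ == "__main__":
    clean, damaged = demo()
    print("offline copy:", clean)
    print("live tree after attack:", damaged)
```

Keep the manifest with the offline copy rather than only on the live network; if the live tree is wiped, the manifest is what tells you whether the restore brought back everything the business needs.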


Constructing and maintaining the integrity of your small business's information security shouldn't be an overwhelming burden. It does, however, require a process that is recurrent and regularly tested. As an old mentor in the information security landscape once said to me, a B+ now is better than an A+ next year. In other words:


If your IT service provider or MSP hasn't pressed for and delivered these essentials, you are not being well advised and need to take action. By at least beginning with these initial, inexpensive security steps, you can significantly improve your cybersecurity and recovery posture. These measures, while straightforward, provide solid protection against a wide array of cyber threats, helping to safeguard your business's data and reputation in an increasingly digital world.
