by Derive Technologies

Baseline Security Practices for the Modern SMB

Cyberattacks around the world continue to escalate in both frequency and severity, exacerbated by current global events. Ransomware in particular is an ever-growing threat, with the FBI's Internet Crime Complaint Center reporting a 62% year-over-year increase in 2021.[1]

SMBs are increasingly the target of ransomware: 43% of cyberattacks are aimed at small businesses, yet only 14% are prepared to defend themselves, according to Accenture.[2] A single attack, whether a data breach, a malware or ransomware infection, or a DDoS attack, costs companies an average of $200,000, and many of the targeted businesses close within six months.[3]

The statistics are overwhelming, and as cyber insurance providers increasingly enforce strict baseline requirements as a condition of coverage, it is more important than ever for businesses of every shape, size, and industry to be proactive about cybersecurity. The alternative is the high cost of being reactive, which cripples businesses both financially and reputationally.

Just like car maintenance, preventative cybersecurity is essential to the long-term safety and sustainability of your digital assets. Reactive effort, meaning damage control after your business has already fallen victim to an attack, is far more expensive. It is not just about money, either: even enterprise companies that can absorb the financial burden can suffer long-term, sometimes irrecoverable, reputational damage.

[1] https://www.forbes.com/sites/chuckbrooks/2022/06/03/alarming-cyber-statistics-for-mid-year-2022-that-you-need-to-know/
[2] https://www.techtarget.com/whatis/34-Cybersecurity-Statistics-to-Lose-Sleep-Over-in-2020
[3] https://www.hiscox.com/documents/2019-Hiscox-Cyber-Readiness-Report.pdf

Why Now?

The grim reality of the cybercrime industry is that it is growing in both sophistication and profitability, and in profitability above all. While small-time hackers or data miners may earn only a few dollars a day, high earners can make more than $150,000 on a single hack.[1]

Since the pandemic, companies around the world have initiated or accelerated transitions to remote or hybrid workforces, leaving end users more exposed to exploitation outside the office network. Cryptocurrency has also made anonymous payment easier than ever, providing an entire economic infrastructure for the cybercrime industry.

It helps the cybercrime industry that its offensive techniques are in most cases outpacing the defensive measures many SMBs employ. On top of this, bad actors increasingly have political motivations to steal critical data or inflict economic harm on their adversaries.

This is particularly relevant in the case of the war in Ukraine, which has catalyzed a large uptick in ransomware attacks originating from Russia. Even before the invasion, the BBC reported that 74% of all ransomware revenue went to Russia-linked hackers.[1]

The Requirements Of Insurance Providers

The average cost of a cyber incident for businesses with 50 to 249 employees is $184,000. Fortunately, the insurance premium for small companies of 100 employees rarely exceeds $25,000 per year for a $1,000,000 policy.

Both of these figures increase with the size of the company; a company with between 250 and 999 employees, for example, faces an average cost of $715,000 for an attack. The math is obvious – cyber insurance is no longer a secondary consideration but a baseline requirement to protect the stability and digital security of a business's assets.

Events of the last few years have catalyzed a dramatic shift in the cyber insurance landscape, which now imposes strict prerequisites for any business to procure cyber liability coverage. This minimal amount of due diligence nearly always comes down to three basic requirements:

  1. Multi-Factor Authentication (MFA, of which two-factor authentication or 2FA is the most common form): insurers demand this on administrative and remote-access accounts at the very least, and increasingly on all company logins, driven by remote work and cloud-hosted services.

  2. Extended Detection and Response (XDR): a detection tool that records the events and actions on an endpoint device and, in the XDR form, correlates them with network, cloud, and identity telemetry. It is typically bundled with prevention software such as antivirus/anti-malware to give security teams visibility and response controls at the endpoint.

  3. External Vulnerability Scan: validation that a company's internet-facing systems have a clean bill of health and are not a "sitting duck" for attackers. Keep in mind that attackers run these same scans to decide whether your business is an easy or valuable target, so a passing scan is a floor, not a ceiling: it sees only what is exposed to the internet on the day it runs.

[1] https://www.bbc.com/news/technology-60378009
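As an added example, not code from the original page, the following Python script triages the kind of external port-scan output an insurer (or an attacker) collects, flagging internet-facing services that should never be reachable from the public internet and banners that identify end-of-life software. The hosts, addresses and scan output are constructed for illustration; `nmap -sV -oG` is the real command that produces this grepable format.

```python
"""Triage external port-scan results the way an insurer's (or an attacker's)
scan would, flagging services that should not be reachable from the internet.
Added example: the scan output below is constructed, not from a real host."""
import re

# Services a baseline external scan should never find open to the internet.
HIGH_RISK_PORTS = {
    21: "FTP (cleartext credentials)",
    23: "Telnet (cleartext admin access)",
    445: "SMB (ransomware worm vector)",
    1433: "MS SQL Server",
    3306: "MySQL",
    3389: "RDP (brute-force and exploit target)",
    5900: "VNC",
}

# Banners for products past end of support; Windows Server 2012/2012 R2
# left extended support in October 2023.
END_OF_LIFE_BANNERS = ("Windows Server 2012",)

# Constructed `nmap -sV -oG -` output for a hypothetical public /29.
# Field layout per port: port/state/protocol/owner/service/rpc info/version/
SAMPLE_SCAN = """\
# Nmap 7.94 scan initiated as: nmap -sV -oG - 203.0.113.8/29
Host: 203.0.113.10 (mail.example.com) Ports: 25/open/tcp//smtp//Postfix smtpd/, 443/open/tcp//https//nginx/
Host: 203.0.113.11 (fs.example.com) Ports: 445/open/tcp//microsoft-ds//Windows Server 2012 microsoft-ds/, 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services/
Host: 203.0.113.12 () Ports: 22/open/tcp//ssh//OpenSSH 8.9/, 23/open/tcp//telnet//Cisco IOS telnetd/
# Nmap done
"""

PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/[^/]*/([^/]*)/[^/]*/([^/]*)/")


def parse_grepable(text):
    """Yield (host, port, protocol, state, service, version) per port entry."""
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1]
        for m in PORT_RE.finditer(ports_field):
            port, state, proto, service, version = m.groups()
            yield host, int(port), proto, state, service, version.strip()


def triage(text):
    """Return (host, port, reason) findings for exposed high-risk services
    and for banners identifying end-of-life software."""
    findings = []
    for host, port, _proto, state, _service, version in parse_grepable(text):
        if state != "open":
            continue
        if port in HIGH_RISK_PORTS:
            findings.append((host, port, "exposed " + HIGH_RISK_PORTS[port]))
        for banner in END_OF_LIFE_BANNERS:
            if banner in version:
                findings.append((host, port, "end-of-life software: " + version))
    return findings


if __name__ == "__main__":
    for host, port, reason in triage(SAMPLE_SCAN):
        print(f"{host}:{port}  {reason}")
```

Run against a real scan by feeding it the file written by `nmap -sV -oG scan.txt <your public range>`; every finding is something an attacker's scan would also surface, so each one should be closed, moved behind a VPN, or explicitly accepted in writing.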

The Biggest Cyber Threats Facing Every Business


Email

Email remains the largest threat vector and attack surface for every business, regardless of size or industry. No channel is more routinely targeted, simply because of the many ways it can be abused. From phishing and spoofing to credential theft and identity theft, attackers continue to get more creative (and aggressive) in the methods they use to trick unsuspecting users.

Multi-factor authentication, coupled with enterprise-grade email security software (spam and phishing filtering, link and attachment inspection), is highly recommended and defends against the vast majority of basic email attacks.


Data Breaches

Data breaches are among the more common and headline-grabbing cybercrimes, especially against global enterprises, although they affect businesses of any size. The motivation, as with most cyberattacks, is financial: stolen data can be held for ransom or sold on the dark web at potentially massive profit, depending on its sensitivity and volume.

These breaches often result from weak frontline defenses, such as underpowered web security, unpatched systems, or outdated anti-malware software.


Social Media

Social media platforms are ubiquitous, including Instagram, which plays a vital role in businesses' branding and advertising, and LinkedIn, a crucial arm of professional networking. Both individuals and organizations often have their guard down on these channels, which is why attackers have increasingly turned to them to harvest credentials and, by extension, personal data, credit card numbers, and other sensitive information.

Most companies have a glaring lack of security policies for these channels, and little staff training dedicated to this threat vector. While arguably not as urgent as web or email security, social phishing is an increasingly targeted channel for attackers everywhere.


Ransomware

Ransomware is an umbrella term for malware that either threatens to publish a business's data or blocks access to it until a ransom is paid. Attackers often extort a victim two or three consecutive times before relinquishing control: once to restore access to the encrypted data, again to prevent stolen data from being released to the public, and again to tell the victim how they were compromised in the first place.

These attacks can result from unprotected email, weak security, outdated antivirus software, untrained staff, a lack of security policies, or a litany of other causes. Paying is no guarantee of recovery: U.S. agencies such as the FBI advise against paying, and the Treasury Department's Office of Foreign Assets Control (OFAC) has warned that payments to sanctioned actors can themselves be unlawful. When victims refuse or are unable to pay, attackers have often released the stolen data publicly, resulting in catastrophic reputational and financial losses.

8 Cybersecurity Pillars Every Business Needs


1. Network Segmentation

Network segmentation divides a larger network into smaller, isolated subnetworks, each with its own security controls and support services, so that teams can compartmentalize what a given segment is able to reach. There are two major types:

a. Macro-segmentation divides the network into zones along broad boundaries, such as user workstations, servers, guest Wi-Fi, management, and backup, typically using VLANs, subnets, and firewall rules between the zones.
b. Micro-segmentation applies the same default-deny idea at a finer grain, down to individual workloads or hosts, so that even two machines in the same zone can only talk to each other on explicitly allowed ports.

Both forms greatly increase security. A network is only as strong as its weakest link, and a single large, flat network lets one compromised machine reach everything else. Segmentation isolates traffic, reduces the attack surface, and limits an attacker's lateral movement within your network.
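To make the two forms concrete, here is an added example (not from the original page) of a zone-based segmentation policy with default deny, evaluated against sample flows and rendered as nftables forward-chain rules. The zone names, address ranges, ports and flows are constructed and describe no real network; the backup agent port 10000 is a hypothetical choice.

```python
"""Zone-based segmentation policy with default deny, evaluated against sample
flows and rendered as nftables rules.  Added example: zone names, address
ranges, ports and flows are constructed and do not describe a real network."""
import ipaddress

# Macro-segmentation: the network is split into zones, one subnet each.
ZONES = {
    "users":   ipaddress.ip_network("10.10.0.0/16"),   # workstations
    "servers": ipaddress.ip_network("10.20.0.0/24"),   # line-of-business apps
    "backup":  ipaddress.ip_network("10.30.0.0/24"),   # backup target
    "mgmt":    ipaddress.ip_network("10.99.0.0/24"),   # admin jump hosts
}

# Explicit allow-list between zones: (source zone, destination zone, TCP port).
# Anything not listed is dropped; that default deny is what limits lateral movement.
ALLOWED_FLOWS = [
    ("users",   "servers", 443),    # web applications
    ("users",   "servers", 445),    # file shares
    ("servers", "backup",  10000),  # backup agent to backup server (hypothetical port)
    ("mgmt",    "servers", 22),
    ("mgmt",    "servers", 3389),   # RDP only from the management zone
    ("mgmt",    "backup",  22),
]

# Micro-segmentation: zones whose members may not talk to each other at all.
# Workstation-to-workstation traffic is how ransomware spreads, so deny it.
PEER_DENY_ZONES = {"users"}


def zone_of(ip):
    """Map an address to its zone name, or None if it is in no zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def is_allowed(src_ip, dst_ip, port):
    """Decide a TCP flow under the policy above (default deny)."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return False
    if src == dst:
        return src not in PEER_DENY_ZONES
    return (src, dst, port) in ALLOWED_FLOWS


def flat_network_allows(src_ip, dst_ip, port):
    """What a single flat network does: every host reaches every other host."""
    return zone_of(src_ip) is not None and zone_of(dst_ip) is not None


def to_nftables():
    """Render the inter-zone allow-list as nftables forward-chain rules.
    The intra-zone peer deny is not rendered: hosts in the same subnet do not
    traverse a perimeter firewall, so it needs host firewalls, private VLANs
    or switch ACLs instead."""
    rules = []
    for src, dst, port in ALLOWED_FLOWS:
        rules.append(f"ip saddr {ZONES[src]} ip daddr {ZONES[dst]} "
                     f"tcp dport {port} ct state new accept")
    rules.append("drop")   # default deny for everything else
    return rules


if __name__ == "__main__":
    for rule in to_nftables():
        print(rule)
```

The contrast worth noting is `is_allowed` versus `flat_network_allows`: on the flat network a compromised workstation can open RDP to a server or SSH to the backup host, while under the policy both are dropped and only the management zone may do so.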


2. Next-Generation Firewall

A Next-Generation Firewall (NGFW) combines a traditional stateful firewall with additional filtering functions, including web filtering, traffic inspection, integration with identity providers, and application-layer controls such as Intrusion Prevention Systems (IPS) and Deep Packet Inspection (DPI).

In short, NGFWs inspect traffic more thoroughly by looking above the port and protocol at the application itself, filtering network traffic more robustly, and matching traffic against signature databases of known exploits and malware. They can be implemented in hardware or software and can both detect and block sophisticated attacks at the application, port, and protocol levels.

NGFWs give administrators greater flexibility, visibility, and control over applications by employing identity-based policy: rules are bound to users and groups from the directory rather than to IP addresses alone. This allows far more precise and reliable defense against malware and application-level attacks.

This third generation of firewall technology, unlike traditional firewalls, can be updated with new signatures and inspection techniques as threats evolve. One practical caveat: inspecting encrypted traffic requires the firewall to terminate TLS, which must be deployed deliberately, with its certificates managed and exceptions defined for services that cannot be intercepted.


3. Endpoint Security and XDR

Endpoint (device) security has never been more important in a work-from-home world, making XDR an essential component of any modern business's cybersecurity portfolio.

Extended Detection and Response (XDR) is the successor to endpoint detection and response (EDR) and works across networks, cloud-hosted services, applications, and endpoints to provide extended visibility, analysis, and response capabilities. It provides deep insight into your managed endpoints and greater control over what each endpoint is able to do or access.

That translates to IT administrators being able to create more strategic defenses based on their unique threat vectors. It also allows them the ability to identify threats or attacks in real-time and remediate them as necessary.

In other words, it provides protection before, during, and after an attack. A multi-layered approach further improves endpoint defensibility with tools like web security filtering, which gives greater control over the data transmitted in and out of an endpoint, and endpoint security agents, which provide a more robust toolset for specialized management.


4. Backups

Sometimes the most obvious safety measures are the easiest to forget or neglect. For many modern businesses, a lack of robust backups is their Achilles heel, setting them back financially and operationally after an already damaging attack.

The best advice is to assume your business is already breached. What would you need to move forward if the worst-case scenario happened? Recovering from an attack requires restoring critical assets and data stores from backups, plus a sound (and tested) plan for when disaster strikes.

The basic 3-2-1 backup rule is a good place to start: keep (3) copies of your critical data (the primary plus two backups), on (2) different types of media (disk, tape, cloud, etc.), with (1) copy in a location geographically separate from your production data.

Given the heightened threat landscape, it is best to take this rule a step further, to 3-2-1-1-0, by employing all of the following:

● (3) copies of your critical data
● (2) separate media types or appliances for storage
● (1) copy stored offsite
● (1) copy stored offline, air-gapped, or immutable, so that ransomware that reaches your network cannot encrypt or delete it
● (0) errors during test restores, analysis, and backup validation
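The "0" is the part most often skipped, so here is an added example (not from the original page) that checks a backup set against all five 3-2-1-1-0 conditions, treating the hash comparison of a test restore as the error count. The production data, the three copies, and the ransomware scenario in which the online NAS copy has been encrypted are all constructed for illustration.

```python
"""Validate a backup set against the 3-2-1-1-0 rule, including a test restore
(hash comparison) so that "0 errors" is actually measured.  Added example:
the data, the copies and the tampered copy below are constructed."""
import hashlib
from dataclasses import dataclass


@dataclass
class BackupCopy:
    name: str
    medium: str     # "disk", "tape", "cloud", ...
    offsite: bool   # geographically separate from production
    offline: bool   # air-gapped or immutable: unreachable from the network
    data: bytes     # stands in for the bytes read back in a test restore


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def validate_3_2_1_1_0(primary: bytes, primary_medium: str, copies):
    """Return a report with each rule as True/False plus the copies that failed
    the test restore.  A copy that fails restore counts for nothing."""
    expected = digest(primary)
    failed = [c.name for c in copies if digest(c.data) != expected]
    good = [c for c in copies if c.name not in failed]
    media = {primary_medium} | {c.medium for c in good}
    return {
        "three_copies": 1 + len(good) >= 3,
        "two_media": len(media) >= 2,
        "one_offsite": any(c.offsite for c in good),
        "one_offline": any(c.offline for c in good),
        "zero_errors": not failed,
        "restore_failures": failed,
    }


def compliant(report) -> bool:
    return all(report[k] for k in
               ("three_copies", "two_media", "one_offsite", "one_offline", "zero_errors"))


# Constructed production data and a healthy 3-2-1-1-0 backup set.
PRIMARY = b"customer-ledger-2024;acct=1001;balance=42.00\n" * 1000
HEALTHY = [
    BackupCopy("nas",   "disk",  offsite=False, offline=False, data=PRIMARY),
    BackupCopy("cloud", "cloud", offsite=True,  offline=False, data=PRIMARY),
    BackupCopy("tape",  "tape",  offsite=True,  offline=True,  data=PRIMARY),
]

# The same set after ransomware reached the online NAS and encrypted its
# contents (represented by replacing the bytes).  The offline tape is untouched.
RANSOMED = [
    BackupCopy("nas", "disk", offsite=False, offline=False,
               data=b"\x00ENCRYPTED\x00" * 100),
    HEALTHY[1],
    HEALTHY[2],
]


if __name__ == "__main__":
    for label, copies in (("healthy", HEALTHY), ("ransomed", RANSOMED)):
        report = validate_3_2_1_1_0(PRIMARY, "disk", copies)
        print(label, "compliant" if compliant(report) else "NOT compliant", report)
```

In a real deployment `data` would be the bytes read back from an actual restore into a scratch location, not the files on the backup target, since a backup that cannot be restored is the error the "0" is meant to catch.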


5. Security Risk Assessment

Much like the vulnerability scan discussed above, a Security Risk Assessment (SRA) serves to identify chinks in your business's cybersecurity armor so you can shore up defenses before bad actors exploit them. Beyond a vulnerability scan, however, an SRA identifies and assesses the risks to the business and determines which security controls to implement to defend against them.

The first step of a thoughtful SRA is to identify the risks to your critical infrastructure and sensitive data, which requires auditing and inventorying your organization's information assets.

Once the risks are identified, develop a prioritized roadmap based on the severity of each vulnerability and the likelihood of its exploitation. Then act on the highest-priority items first, starting with the most important parts of your infrastructure.

SRAs should be conducted at least annually, with lighter quarterly reviews and a fresh look whenever the infrastructure changes significantly, to ensure your business stays defensible against ever-evolving threats.


6. Multi-Factor Authentication

Business email compromise is consistently among the most commonly targeted, regularly exploited, and damaging threats. Multi-Factor Authentication (MFA), an authentication system that requires a combination of verification factors beyond a single password, is reported by Microsoft to block more than 99% of automated account-compromise attacks.

Single-factor authentication, the traditional method of using a password alone, is far too easy to defeat by today's standards. MFA requires users to present two or more independent pieces of evidence to access a site or application: knowledge (something only the user knows, such as a password), possession (something only the user has, such as a phone or hardware key), or inherence (something only the user is, such as a fingerprint).

This level of defense has become a global norm and is relatively easy to implement and enforce across your entire business. It is essential for compliance with cyber insurance requirements and goes a long way toward protecting sensitive user data and financial assets. It is not impenetrable, however: SMS codes can be intercepted through SIM swapping, push prompts can be approved by a worn-down user under an "MFA fatigue" barrage, and one-time codes can be relayed in real time by a phishing proxy, so prefer phishing-resistant methods such as FIDO2/WebAuthn security keys where possible.

MFA can also be combined with conditional access policies, stronger email security, and Virtual Private Networks (VPN) to block a significant portion of account-takeover attacks, such as password spraying, credential stuffing, and phishing, against users and organizations.


7. Cybersecurity Framework

A Cybersecurity Framework (CSF) is a set of guidelines and written policies for data governance, risk assessment, and procedures that mitigate organizational cybersecurity risk. The best known is the NIST Cybersecurity Framework, a collection of best practices based on existing standards, guidelines, and practices published by the National Institute of Standards and Technology (NIST).

The core functions of the NIST CSF are Identify, Protect, Detect, Respond, and Recover (version 2.0, published in 2024, adds a sixth, Govern). While there are other frameworks to choose from, NIST is considered the gold standard for gauging a business's cybersecurity maturity and meeting frequently changing regulations.

Adoption is voluntary, and although it requires a heavier time investment than other cybersecurity measures, adhering to its guidelines puts your business far ahead of the "low-hanging fruit" that attackers are significantly more likely to target.


8. Training and Accountability

At the most basic level, enforce regular cybersecurity training and continuing education company-wide, for stakeholders and staff alike. Ensure every member of your team knows the current security policies and has adapted their workflows to accommodate them.

Accountability is the crucial linchpin; otherwise it is far too easy for end users to let best practices slip through the cracks, and for bad actors to slip right in.

If your business is large enough, dedicated security personnel are instrumental in enforcing these policies and ensuring adoption by everyone. Stay informed, keep your employees educated, and keep the security of your data, and by extension the long-term viability of your business, as strong as possible.

Reach out to Derive Technologies to learn more about how we can protect you from the threats of today and tomorrow.

