There are three critical security controls that all small businesses should implement if they are just starting to address security. These are:
- Keep your systems up to date by applying all security updates
- Make sure you have daily backups of all critical data and be sure to test the ability to restore from the backups
- Users should not be local administrators on their computers, if that is not achievable, require the use of multi-factor-authentication for all systems and applications
For small companies that have already addressed the above controls take a look at Australia’s Essential Eight Maturity Model.