June 5, 2021

Advice for a small business looking to tighten security

Hi all,

Appreciate it if you could share your wisdom. We are a small business with 45 employees across four sites. Mixture of on-site and on-the-road staff. Now all mostly working from home.

We have a domain controller in house with all staff accounts synced to Azure. Licenses are Office 365 Business Premium.

Internally we have a file & print server and an application server. The network is an SD-WAN with Meraki MX67C devices on each remote site.

We are looking to tighten up security for both the internal infrastructure and cloud O365 accounts.

All synced accounts are MFA enabled. Users had the option of text, phone or authenticator app; most have chosen text.
I have disabled SMB v1 on all servers and ensured NLA is enabled and restricted only to support staff for RDP sessions.

We have reached out to a few vendors to perform security audits and quote for phishing simulations and ongoing security awareness training.

Also looking at an enterprise subscription to Bitwarden for a password manager and Duo for MFA for RDP.

What other areas should we focus on to tighten up security?

Comments

LutheranITGuy

You could look at some open source tools like a vulnerability scanner and using a SIEM for tracking logs.
