Managed Security Fundamentals for Small Businesses and Nonprofits

These are the services that I believe are the essential measures for any business to protect itself from cyber-attack.

I am not solely focused on researching cybersecurity, but I am an IT generalist. I've spent a lot of time researching and thinking about the foundational measures that small businesses and nonprofits can put in place to protect the organization's data from theft, loss, or ransomware attacks.

Consider hiring me to help implement or update any of the following things for your business.

Endpoint Protection and Patch Management

It's important to take measures to monitor for and prevent cyberattacks on your workstations. And of equal importance, operating systems and software need to be updated regularly to patch security vulnerabilities as they are discovered. Many operating systems have some kind of malware protection built-in, and much common software gets automatic updates—but in a business environment it's not time-efficient to have everyone checking on these systems and resolving issues when they occur.

At Zeke Cato Enterprise I use a centralized management system to identify out-of-date workstations and bring them into compliance promptly. For endpoint protection, I work with a Security Operations Center for 24/7 monitoring of signals from your operating system's built-in protection, plus DNS filtering to protect against malicious websites and phishing attempts.

Staff Education -- Technology Policies and Phishing Defense

Everyone comes in to work with different comfort levels and experience using computers. Educating staff about your technology policies, security measures, and their role in protecting the organization's data is one of the best things you can do to strengthen the human element of your cybersecurity measures.

Workstation File Backup

Make sure that your key computers are backed up. Not every computer needs to be backed up, but you want to make a conscious decision about which computers you need to back up. You can back up files to a local hard drive, or offsite using a cloud-based backup service.

Google Workspace / Office 365 Backup

Did you know that your files in the cloud are NOT backed up by the cloud provider? That leaves them vulnerable to accidental deletion and to malicious actions like ransomware attacks. Every organization should have its key business data backed up, and that includes data in the cloud.

Google Workspace Backup from Zeke Cato Enterprise

Password Management

Every web account should have a unique, strong, and randomly generated password protecting it. That is hard for many people to keep track of on their own. When those passwords also need to be shared with a group, and people come and go or passwords change, how do you communicate that to the people who need to know?

I've seen people do it a number of different ways successfully, but I highly recommend the use of a password manager. The password manager takes the burden off of you when it comes to creating secure passwords and retrieving them when you need them. A good password manager will also have features for securely sharing secrets with others. No more insecure emails or text messages with your Social Security number or other private information in them.

Two-Factor Authentication or Multi-Factor Authentication

Should you be using two-factor authentication? Yes, whenever possible. That could be an authenticator app or a physical security key. And always have a plan for storing your recovery codes in case your two-factor device fails.