“InfoSec” is a term that is most often associated with the enterprise class organization. However, information security is something that every business should be practicing. As we have talked about before the importance of building a security culture in even the smallest business is vital. Having good security practices for your business secures your revenue and your customers’ data (and money). A breach to a one 1-4 employee business can mean the end of the business. The downside is that most security tools are priced outside of the small business range or require a minimum license purchase that ends up having the same effect. So, what is a small business owner to do when it comes to ensuring they have a secure environment?

There was a time when the thought of secure infrastructure would bring items like properly configured IDS/IPS, Firewalls, Switches and Routers with hefty ACLs and 802.1x to mind. However, after Covid and even a bit before the traditional walled layout of the business network design was starting to become outdated. Remote workers and BYOD meant that not everyone could shelter safely inside the castle walls (not that they were safe before). Now IT and Security teams now had a much bigger area to observe and protect. The task becomes harder; much, much harder, but not impossible. The tools change and how you deploy, monitor, and update these tools also change. Let’s look at how to expand the concept of secure infrastructure into the modern distributed workforce.

It is a common belief that vulnerability management is nothing more than scanning and patching. However, as we have seen in many breaches and attacks, this is far from true. Vulnerability management is about understanding your organization and the risks it faces. Risks that an organization faces can include insider threats, public exposure, data leakage, improper configurations or safeguards, data integrity models, and quite a bit more. It is not enough to simply scan with a specific flavor of vulnerability scanner, it is a much larger effort and requires buy-in from every team and person in an organization.