View all posts

Appendix: Cybersecurity For The Small and Medium Size Business


Effectively managing and addressing cyber-security threats and the consequent risks is always a matter of resources—both the availability of resources and how businesses utilize the resources available to them. Unfortunately, the availability of effective resources often boils down to money.

More money can often mean more resources. Money can obtain a highly skilled work-force to effectively manage cybersecurity threats. Money can purchase the services of a 3rd party vendor to assist the business in defending against cyber-security threats, and money can buy sophisticated hardware and software to aid in the cyber-security fight. And big business often has more money than a smaller business.

However, while it may be true that you often get what you pay for, when it comes to resources to mitigate the threats and risks that result from cyber-security attacks, SMBs can get a lot of bang for their buck if managed appropriately and may even find that some of the most effective resources are free.

“Anything that just costs money is cheap.” – John Steinbeck

The truth is that having the money to buy these identified resources is not the most effective defense against cyber-security threats. The most effective defense is appropriately implementing all the resources which are currently available to your business. So, let’s find the value in what we have, not in what we can purchase.

“Nowadays people know the price of everything and the value of nothing.” – Oscar Wilde

What can the SMB do to combat cyber-security threats with limited money and current personnel?


Several free tools are available to assess your overall cybersecurity readiness.


If you have not previously conducted an Infrastructure Risk Assessment, knowing where to begin can be a daunting task in and of itself. These articles and tools identify the basics:


Numerous resources exist to assist in developing a threat and risk assessment for your company and to assist in further understanding the basics of the need for and methodology of conducting a threat assessment.


Information Security Policies

Information Security Organizations

Law Enforcement

Federal Regulatory Agencies

State Regulatory Agencies



1“5 Things You Need to Know About Cybersecurity Insurance.” Lucian Constantin, 4/25, 2014.

2“Cybersecurity Ventures Top 50 Security Companies to Watch.” Sue Marquetta Poremba, 3/13/2017.