Due to the tight funding of small businesses, it is difficult to invest a large amount of money in network security. However, with the increasing emphasis on domestic network security regulation, small businesses can ensure network security without excessive investment by following the following steps:
- By implementing a strong password policy and requiring employees to use unique and complex passwords, small businesses can greatly reduce the risk of unauthorized access to their networks and data.
- Regularly update software and system patches.
- Use a VPN for internet access.
- Develop a plan to respond to network security attacks.
- Conduct security awareness training for employees.
The above five points are from: The Importance of Cybersecurity for Small Businesses | by Ismail Tasdelen | System Weakness
In addition to the above five points, the following items can be added based on technical security requirements and the domestic situation:
- Log retention, which is of concern to regulators, requires logs to be retained for six months. Companies can set up their own log servers and regularly back them up.
- Risk assessment and level protection required by the "Cybersecurity Law" can be entrusted to third-party companies for risk assessment. As for level protection, it depends on the company's business system. If it is not too important, a level 1 or 2 can be implemented. Level 3 requires the involvement of a third-party security company. If level 3 protection is required, corresponding security equipment needs to be deployed, which will increase costs.
- The asset inventory must be updated in a timely manner. Companies must be familiar with their own assets and minimize the opening of various services to the outside by not opening unnecessary ports.
- If there are business systems, regular scans should be conducted using open-source vulnerability scanning tools.