Although Silent Sector tends to work with mid-market and emerging companies, we get asked regularly by small businesses, "What tools or software can we buy to protect our company?"
Cybersecurity presents ever evolving risk factors for all organizations. Small and mid-size businesses (SMBs) tend to be the most affected as they struggle to allocate enough resources to provide adequate protection. Budget, time, and understanding of the subject matter are all limiting factors. As a result, many SMB's look toward buying a software solution or tool as a quick answer to protect their organization. The cybersecurity industry is quick to sell tools and technologies because it is a highly profitable business model. However, cybersecurity professionals know that tools and technology alone do not adequately protect companies.
Savvy organizations, large and small, understand the need to align with an industry-standard cybersecurity framework. These frameworks provide a list of activities and functions to have in place, most of which can be accomplished with the tools and technologies an SMB already has. We recommend Center for Internet Security (CIS) Controls for most SMBs, unless another framework is specifically required (e.g. NIST SP 800-171a for US Government contractors).
Smaller organizations will generally fall under CIS Controls "Implementation Group 1" which is a very achievable process, so long as they are willing to follow it. Implementation Group 1 includes security fundamentals that when put in place, are far more effective than any software or security tool. While tools are used to implement some of the recommendations, most can be done without extra expenditure. Implementation Group 1 includes basic best practices such as maintaining an up-to-date inventory of your technology assets, ensuring unauthorized software is removed and blocked from user machines, devices are patched with the most recent security updates, ensuring backups are properly protected, and more.
You can download the CIS Controls spreadsheet and supporting documentation at https://www.cisecurity.org/controls/
If I had to recommend a single software solution for SMBs, it would be the Sophos Intercept X product for endpoint protection. Sophos provides an excellent security suite that leverages the latest technologies and is much easier for SMBs to manage than others on the market.