Andrew Brooks, a security professional with Infrastructure-as-a-Service (IaaS) provider SingleHop, said the cybersecurity needs of small businesses are often overlooked, making them an easy target for criminals. While larger companies have the resources to pay for a dedicated security team, smaller employers generally don't, which Brooks said puts them at a significant disadvantage in the war against cybercrime.

Brooks offers small business owners several ways to maintain a secure infrastructure without breaking the bank:

• Minimize the attack surface: As companies grow, their attack surface increases, which presents more security risks. So, as a business's capabilities expand, owners should look at the technologies that power their operation and make every effort to ensure that when it comes to assets, applications and functionality, the only things exposed are those which are required to deliver their service.They need to always be asking: Does this need to be online? What happens if it gets hacked and how can it avoid getting hacked?
• Understand the power of patching: Small businesses lack the ability to defend themselves in comparison to larger companies; however, big companies have slow wheels and a monstrous attack surface. That means small companies can use their size to their advantage to patch frequently and quickly. With a smaller infrastructure, changes can be made and patches can be applied much more rapidly. Since keeping track of relevant security issues can be difficult, small businesses should create a "security@" email address. They then should identify the components their platform relies on — such as Apache, MySQL, PHP, Drupal, Oracle, etc. — and subscribe this email address to the security and update feeds for the appropriate software. Once security advisories and updates are available, evaluate their relevance to their system and patch immediately.
• Take advantage of free tools: Two excellent and free tools for Web application scanning are Arachni and W3AF. They provide a scanning functionality that can be tremendously valuable when helping small businesses scan a site or application for the same low-hanging fruit that attackers and bots often scan for, such as SQL injection and Cross-Site Scripting.
• Have a plan: The unfortunate truth is that one day, hopefully very far down the road, most small businesses will have to deal with a security incident. The severity of the breach can vary depending on the attacker’s motivations, but can include things such as data loss, destruction and corruption. For this reason, it’s imperative that businesses have secure off-site backups. In addition, take the time to verify the integrity of the data routinely so that if and when it's time to restore from backup, the data is actually usable.
• Professional assessments: Small businesses should have a professional security assessment performed at least once a year, if not quarterly. It never hurts to have an unbiased and different set of eyes look at the security posture of an organization and its applications. This is a fairly inexpensive way to get some valuable piece of mind.