As you walk down the street, you approach a home with an ADT sign and you notice a pair of surveillance cameras.  As you pass the home, you also notice the doors, windows, and garage door are all closed, and a sign posted on the gate to the side yard reads:  "Beware of Dog". 

A few doors down, you pass another home without any visible signs for an alarm company and as far as you can tell, no surveillance cameras.  As you complete your pass of this second home, you notice the gate and garage door are both wide open.  In the garage, you can see three bicycles, a set of golf clubs, and a BMW with the driver side window rolled down. 

If you were a burglar, which of these homes would you be likely to rob?  The obvious answer is the second home because it's the low hanging fruit.

On the Internet, small businesses are the low hanging fruit.  Small businesses are content with the idea that a firewall and anti-virus will protect them.  Their networks are typically flat which means that when a malicious actor penetrates their network, there's little to prevent them from moving laterally and deeper into the network.  Because complex passwords and multifactor authentication are rarely used except when forced, attackers can move quickly through the network to achieve their goal. 

When we're working with small businesses, the first step is focused on education rather than diving straight into a vulnerability assessment.  First we're going to educate, then harden, and when we have both of these avenues covered, we're going to perform a penetration test.  To put the penetration at the front would be a waste of time and money.

If you'd like to learn more about our security services, please reach out to us through our contact page.