5. Keep it Simple, Less Complex
Security is typically very poorly deployed and maintained at small and midsize businesses because they are using siloed products that are complex, and hard to manage and deploy. Sophos' message is that small and midsize businesses can easily deploy and manage its security components and simply upgrade the software over time. The company also simplified its licensing strategy to keep it simple. A best practice for decreasing the risk of successful attacks against the corporate network is to reduce system complexity, which results in configuration weaknesses and poorly maintained systems that help criminals gain a foothold, Hagerman said. Businesses with no or limited IT resources need the ability to plug in new security systems when they are necessary with a minimal amount of fine-tuning, he said.