I like this idea. But I must say that especially in a small business setting, it’s often the “soft” security factors that clients get bitten on.
Yes, firewall rules, segmentation, etc. are very important. But let’s look at a typical SMB. In my professional experience, you can drastically reduce their risks with:
- User security awareness training
- Email measures such as filtering, warning for certain attachments, phishing prevention, etc.
- Strong passwords
- Installing updates and patches promptly
- Strong BYOD and remote work policy
Not as much fun as doing some hardcore networking, and of course “hard” security is needed too. But this is the stuff that is lacking in the SMB community, in my experience.
Shameless plug: I’ve just written this report on some softer security factors. It’s aimed at a non-technical audience, but it might be of interest.