Keeping the network of a small or medium-sized enterprise (SME) secure is a constant challenge. Threats evolve, resources are not always abundant, and the daily rush can push security into the background. But neglecting this area is like leaving the front door open: an invitation to problems that can be expensive, from the loss of critical data to halted operations.
Whether you are an IT professional who serves SMEs or the technical guardian inside the company, having a practical guide for evaluating and strengthening network security is critical. With that in mind, we prepared this checklist. The idea is not just a list of tasks, but a script for examining together, point by point, how well the network infrastructure is protected, as if we were analyzing the network of a fictional company, Alfa Tech.
Let's use this checklist as a tool to identify strengths and areas for improvement, and to make sure the digital defenses are really prepared for current challenges. Grab your coffee, open your notepad (or use this article itself!) and let's start the assessment!
1. Initial evaluation and network inventory: knowing the terrain
Before protecting, we need to know what to protect. The first step is to make a full X-ray of the Alfa Tech network. Without a clear map of the environment, it is impossible to make informed security decisions.
Infrastructure Mapping: Let's start by identifying all assets connected to the network. What are the servers (physical and virtual)? How many workstations are there? Which notebooks, printers, mobile devices (including BYOD), access points, switches and routers? Where are they located? Keeping an updated inventory, whether with a network discovery tool or even well-organized spreadsheets, is important. Without it, how can you ensure that every device is receiving updates or has antivirus installed?
Critical Data Identification: Where does Alfa Tech's most important information live? Customer data, financial information, intellectual property, employee data (LGPD). We need to know exactly where this data resides. On local servers, in the cloud, on specific workstations? Mapping the flow of this data also helps reveal the points at highest risk of leakage or improper access.
Vulnerability Analysis: With the inventory in hand, the next step is to check for known “open doors”. Outdated software (operating systems, browsers, business applications) is a feast for cybercriminals. Vulnerability scanning tools can help automate this search. It is like checking that all the windows and doors of the Alfa Tech “house” are locked and that the locks are sound.
Specific Risk Assessment: Each business has its particularities. Alfa Tech, for example, may have many employees working remotely, which increases the attack surface. Or it may depend on essential legacy software that no longer receives security updates. Understanding the risks specific to the business lets you prioritize security actions where they are most needed.
In practice: Imagine discovering, during the Alfa Tech inventory, an old server running an operating system that has not been updated for years, forgotten in a corner of the data center but still connected to the network and storing historical customer data. This is a critical risk that only an initial mapping would reveal.
2. Access and identity controls: Who can come in and where?
Once we know the environment, we need to control who accesses what. Managing identities and access is like having a strict doorman and an efficient badge system for each area of Alfa Tech.
Strong password policy: It seems basic, but it is still a common weakness. Are we ensuring that all users (and service accounts) use complex passwords that combine uppercase, lowercase, numbers and symbols? Is there a policy that requires these passwords to be changed periodically? Password management tools can help users create and store strong passwords without writing them on sticky notes.
Multi-Factor Authentication (MFA): A password, even a strong one, can be compromised. MFA adds an extra layer of security by requiring a second form of verification (such as a code on a mobile phone, a physical token or biometrics). Where are we using MFA at Alfa Tech? It is essential for remote access (VPN), access to critical systems (ERP, CRM, administrative email) and administrator accounts. Enabling MFA is one of the most impactful actions for making unauthorized access difficult.
Image 1: Multi-Factor Authentication
User Account Management: How does Alfa Tech handle employees joining and leaving? Is there a formal process for creating new accounts with the correct permissions and, crucially, for immediately disabling accounts when someone leaves the company? Inactive or orphaned accounts are a huge risk because they can be exploited without anyone noticing.
Principle of least privilege: Each user should access only the resources strictly necessary to do their work. Does a finance employee need access to the engineering project folder? Probably not. Reviewing permissions and applying the principle of least privilege dramatically reduces the impact if an account is compromised.
Periodic Permissions Review: Access needs change. It is essential to review periodically (every 3 or 6 months, for example) who has access to what at Alfa Tech. Has anyone changed roles? Did a project end? Adjusting permissions ensures that the principle of least privilege continues to be applied.
In practice: During the permissions review at Alfa Tech, we realized that a former employee still had VPN access. Or that a marketing user had administrator permissions on the file server by mistake. These are the details that well-managed access controls avoid.
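The account and permissions review described in this section can be automated by cross-checking an account export against the HR roster. The following is an added example, not part of the original article; the usernames, group names, 90-day idle limit and policy table are constructed assumptions.

```python
from datetime import date, timedelta

# Constructed sample data for the fictional Alfa Tech (all names hypothetical).
ACTIVE_EMPLOYEES = {  # HR roster: username -> department
    "ana.souza": "finance",
    "bruno.lima": "marketing",
    "carla.dias": "it",
}
ACCOUNTS = [  # export from the directory service / VPN gateway
    {"user": "ana.souza", "groups": {"finance-share", "vpn"},
     "last_login": date(2025, 5, 2)},
    {"user": "bruno.lima", "groups": {"marketing-share", "fileserver-admins"},
     "last_login": date(2025, 5, 3)},
    {"user": "carla.dias", "groups": {"it-admins", "fileserver-admins", "vpn"},
     "last_login": date(2025, 5, 3)},
    {"user": "diego.reis", "groups": {"vpn", "engineering-share"},
     "last_login": date(2025, 1, 10)},
    {"user": "svc-backup", "groups": {"backup-operators"},
     "last_login": date(2024, 11, 1)},
]
# Assumed policy: departments allowed to hold each privileged group.
PRIVILEGED_GROUPS = {"fileserver-admins": {"it"}, "it-admins": {"it"}}
SERVICE_ACCOUNTS = {"svc-backup"}  # no HR record by design; must have an owner
STALE_AFTER = timedelta(days=90)   # assumed idle limit


def review_accounts(accounts, employees, today):
    """Return (user, finding, detail) tuples for accounts that need action."""
    findings = []
    for acct in accounts:
        user, groups = acct["user"], acct["groups"]
        idle = today - acct["last_login"]
        if user in SERVICE_ACCOUNTS:
            if idle > STALE_AFTER:
                findings.append((user, "stale-service-account", f"{idle.days} days idle"))
            continue
        dept = employees.get(user)
        if dept is None:
            # No matching active employee: offboarding missed this account.
            findings.append((user, "orphaned", ",".join(sorted(groups))))
            continue
        for group in sorted(groups & PRIVILEGED_GROUPS.keys()):
            if dept not in PRIVILEGED_GROUPS[group]:
                findings.append((user, "excess-privilege", group))
        if idle > STALE_AFTER:
            findings.append((user, "stale", f"{idle.days} days idle"))
    return findings


if __name__ == "__main__":
    for finding in review_accounts(ACCOUNTS, ACTIVE_EMPLOYEES, date(2025, 5, 5)):
        print(*finding, sep="\t")
```

On the sample data it reports the marketing user in the file server admin group, the former employee who still holds VPN access, and a service account that has been idle for months.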
Image 2: How a VPN tunnel works
3. Protection of the perimeter and internal network: the digital walls
With access under control, the focus now turns to the “walls” that protect the Alfa Tech network against external threats and also control the internal flow. A well-defended perimeter and an organized internal network are essential.
Firewall Configuration and Updates: The firewall is the first line of defense. Is it active and correctly configured at Alfa Tech? Do the rules allow only the traffic strictly necessary for the business? Are we blocking unnecessary ports and services? Just as important as the initial configuration is keeping the firewall firmware up to date to fix vulnerabilities. In addition, periodically analyzing firewall logs may reveal attack attempts or suspicious traffic.
Network Segmentation (VLANs): Not all sectors of Alfa Tech need to communicate directly. Separating the network into logical segments (VLANs), for example one VLAN for servers, another for workstations and one for visitor Wi-Fi, limits the reach of a possible attack. If a device on one VLAN is compromised, segmentation makes it difficult for the attacker to move laterally to other critical parts of the network. It's like having fire doors inside the building.
Image 3: Network Segmentation
Wi-Fi security: The wireless network is a convenient entry point for both employees and cybercriminals. Does Alfa Tech's main Wi-Fi network use strong encryption (WPA3 if the devices support it, or WPA2 at least)? Is the password robust and changed periodically? Is there a separate, isolated network for visitors that prevents them from accessing the company's internal network? Letting visitors use the same network as employees is an unnecessary risk.
Use of secure VPNs: For employees who access the Alfa Tech network remotely, how do we guarantee the security of the connection? Using Virtual Private Networks (VPNs) with secure protocols (such as OpenVPN or Lumiun Business VPN) is critical. A VPN creates an encrypted tunnel between the employee's device and the company's network, protecting data in transit. It is important to ensure that only authorized users (with MFA, preferably) can connect to the VPN.
Network Traffic Monitoring: Observing what is happening on the network can help detect abnormal activity before damage is done. There are tools (some open source, others integrated into more advanced firewalls) that monitor data flow, looking for suspicious patterns such as an unusual volume of traffic to an unknown destination or attempts to scan internal ports. It's like having security cameras monitoring Alfa Tech's corridors.
In practice: When analyzing Alfa Tech's firewall logs, we identified multiple connection attempts from a specific country on a port usually used for insecure remote access. Blocking this port and investigating the origin reinforced the security of the perimeter.
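The firewall log review and the traffic monitoring described in this section can start as a small script over exported logs. The following is an added example, not part of the original article; the log format, addresses, port list and thresholds are constructed assumptions rather than any real firewall's output.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample log in a simplified key=value format (not a real product's).
SAMPLE_LOG = """\
2025-05-03T02:14:07Z DENY src=203.0.113.45 dst=192.0.2.10 dport=3389 proto=tcp
2025-05-03T02:14:09Z DENY src=203.0.113.45 dst=192.0.2.10 dport=3389 proto=tcp
2025-05-03T02:14:12Z DENY src=203.0.113.45 dst=192.0.2.10 dport=3389 proto=tcp
2025-05-03T02:14:15Z DENY src=203.0.113.45 dst=192.0.2.10 dport=3389 proto=tcp
2025-05-03T02:20:41Z DENY src=198.51.100.7 dst=192.0.2.10 dport=3389 proto=tcp
2025-05-03T09:01:00Z ALLOW src=10.0.20.8 dst=10.0.10.5 dport=443 proto=tcp
2025-05-03T09:05:10Z DENY src=10.0.20.15 dst=10.0.10.5 dport=21 proto=tcp
2025-05-03T09:05:10Z DENY src=10.0.20.15 dst=10.0.10.5 dport=22 proto=tcp
2025-05-03T09:05:11Z DENY src=10.0.20.15 dst=10.0.10.5 dport=23 proto=tcp
2025-05-03T09:05:11Z DENY src=10.0.20.15 dst=10.0.10.5 dport=80 proto=tcp
2025-05-03T09:05:12Z DENY src=10.0.20.15 dst=10.0.10.5 dport=445 proto=tcp
truncated line without fields
"""

LINE_RE = re.compile(
    r"^\S+ (?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=\S+ "
    r"dport=(?P<dport>\d+) proto=\w+$"
)
INTERNAL_NET = ip_network("10.0.0.0/8")  # assumed internal addressing
REMOTE_ACCESS_PORTS = {23, 3389}         # assumed: Telnet and RDP
PROBE_THRESHOLD = 3                      # denied attempts per source and port
SCAN_THRESHOLD = 5                       # distinct ports per internal source


def analyze(log_text):
    denied = defaultdict(int)      # (external src, port) -> denied attempts
    ports_seen = defaultdict(set)  # internal src -> distinct destination ports
    skipped = 0
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match is None:
            skipped += 1           # count unparsable lines instead of hiding them
            continue
        try:
            src = ip_address(match["src"])
        except ValueError:
            skipped += 1
            continue
        port = int(match["dport"])
        if src in INTERNAL_NET:
            ports_seen[str(src)].add(port)
        elif match["action"] == "DENY" and port in REMOTE_ACCESS_PORTS:
            denied[(str(src), port)] += 1
    return {
        "remote_access_probes": sorted(
            (s, p, n) for (s, p), n in denied.items() if n >= PROBE_THRESHOLD),
        "internal_scanners": sorted(
            (s, sorted(p)) for s, p in ports_seen.items() if len(p) >= SCAN_THRESHOLD),
        "skipped_lines": skipped,
    }


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

The skipped-line counter matters in practice: a parser that silently drops lines it cannot read can hide exactly the entries worth investigating.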
Image 4: Firewall operation
4. Endpoint security (devices): protecting each access point
There is no point in having heavy walls if the “soldiers” (computers, notebooks, servers) are unprotected. Each device connected to the network is a potential entry point for threats.
Antivirus/Antimalware/EDR: Do all Alfa Tech endpoints (servers, desktops, notebooks) have a robust security solution installed and up to date? Traditional antivirus is no longer enough. More modern solutions, such as Endpoint Detection and Response (EDR), offer more advanced protection against malware, ransomware and fileless attacks, as well as investigation and response capabilities. Keeping both the signatures and the security software itself up to date is vital.
Patch Management: Outdated operating systems and applications are the favorite gateway for many attacks. Is there a defined process at Alfa Tech for applying security patches regularly? This includes Windows/Linux/macOS, browsers, the Office suite, PDF readers, Java and any other software in use. Automating this process whenever possible is the best strategy.
Security on Mobile Devices (MDM): If Alfa Tech allows corporate or personal (BYOD) smartphones and tablets to access company data, how is the security of these devices managed? Mobile Device Management (MDM) solutions let you apply security policies (e.g. lock password, encryption), install corporate applications and even remotely wipe company data if a device is lost or stolen.
USB Device Control: USB flash drives and other devices can easily introduce malware. Does Alfa Tech have a policy for using these devices? Is it possible to block or control the use of USB ports on workstations, allowing only authorized devices or monitoring file copies?
In practice: An Alfa Tech employee clicks on a malicious link in an email. The EDR installed on the machine detects and blocks the attempt to download ransomware, preventing file encryption and a potential disaster for the company. Constant operating system updates had already fixed the vulnerability that the malware would have tried to exploit.
5. Data protection and continuity: Essential plan B
Even with all defenses in place, incidents can happen. Protecting the data itself and having a plan to keep Alfa Tech working (or get it working again quickly) after a problem is therefore as important as preventing the problem.
Regular Backup Routine: How does Alfa Tech ensure that its important data can be recovered after a hardware failure, ransomware attack or human error? Is there a defined and automated backup routine? The 3-2-1 rule is a good guide: keep at least three copies of the data on two different media, with one copy stored outside the company's physical site (offsite, in the cloud for example). Verifying that all critical data is included in the backup is essential.
Picture 5: The 3-2-1 backup rule
Periodic Restoration Tests: A backup is only useful if it works when it counts. Does Alfa Tech periodically test backup restoration? Simulating the recovery of files, databases or even whole servers ensures that the process works and that the team knows how to execute it. Discovering that the backup is corrupted or that no one knows how to restore it during a real crisis is the worst scenario.
Sensitive data encryption: Protecting data is not just about backup. Where Alfa Tech's critical data is stored, is it encrypted? This applies both to data “at rest” (on server and notebook disks) and “in transit” (during transmission over the network, such as access to HTTPS websites or via VPN). Encryption makes the data useless to anyone who obtains it improperly.
Disaster Recovery Plan (DRP): What happens if Alfa Tech's headquarters suffers a fire, a flood or a ransomware attack that paralyzes everything? Is there a documented disaster recovery plan? This plan details the steps to restore critical operations, who is responsible, which systems have priority and what the expected recovery time is (RTO/RPO). Like the backup, the DRP needs to be tested periodically.
In practice: A critical Alfa Tech server suffers an irreparable disk failure. Thanks to the backup routine, the IT team can restore the system on new hardware within hours, minimizing the impact on operations. If it were a ransomware attack, the offline backup would be what saves the company from paying the ransom.
6. Security in browsing and email: the most common entry points
The internet and email are essential tools for Alfa Tech, but they are also the main entry points for threats such as malware, phishing and ransomware. Protecting these vectors is crucial.
Content Filter and DNS: How do we ensure that Alfa Tech employees do not access sites that are malicious or that can compromise security or productivity? Implementing a web content filter is very important. Going further, an essential layer of protection operates at the DNS level (the system that translates website names like www.google.com into IP addresses). Solutions such as Lumiun DNS act as a security guard at the door to the internet: even before the browser tries to connect to a malicious site or one tied to botnets, access is blocked based on constantly updated threat intelligence. This offers very effective proactive protection. In addition to security, these tools also help control access to unproductive or inappropriate websites.
Spam and antivirus filtering for email: Email remains one of the main attack vectors. Does Alfa Tech have a robust solution for spam filtering and for analyzing malicious attachments and links? This can be implemented on the email server or as a cloud service. Properly configuring SPF, DKIM and DMARC also helps prevent email spoofing (when attackers pose as trusted senders).
Phishing Awareness: Even with technical filters, some malicious emails may get through. Can Alfa Tech employees identify phishing attempts? Can they recognize signs such as grammatical errors, an unusual sense of urgency, suspicious senders or strange links? Awareness is an essential layer of protection.
In practice: An Alfa Tech employee receives an email, apparently from the CEO, asking for an urgent transfer. Thanks to awareness training, he notices the slightly different email domain and the unusual tone and, instead of making the transfer, warns the IT team. The company's DNS filter also blocks access when he tries to open the suspicious link in the email.
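For the SPF and DMARC item above, a record that exists is not necessarily a record that enforces anything. The following is an added example, not part of the original article; it audits TXT record strings for permissive settings, the domains and records are constructed, the issue codes are hypothetical names, and DKIM is left out because checking it requires the sender's selector and a DNS lookup.

```python
# Constructed records: domain -> (SPF TXT value, DMARC TXT value at _dmarc.<domain>)
RECORDS = {
    "weak.example": ("v=spf1 include:_spf.example.net ~all", "v=DMARC1; p=none"),
    "strict.example": (
        "v=spf1 mx include:_spf.example.net -all",
        "v=DMARC1; p=reject; rua=mailto:dmarc-reports@strict.example",
    ),
}

SPF_ALL_FINDINGS = {
    "-": [],                    # hard fail for unlisted senders
    "~": ["spf-softfail-all"],  # receivers are asked to accept but mark the mail
    "?": ["spf-neutral-all"],   # no assertion about unlisted senders
    "+": ["spf-pass-all"],      # every sender on the internet passes
}


def audit_spf(record):
    """Return issue codes for one SPF record (empty list means no findings)."""
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["spf-missing-or-invalid"]
    for term in terms[1:]:
        if term.lstrip("+-~?") == "all":
            # Terms are evaluated left to right, so the first "all" decides.
            qualifier = term[0] if term[0] in "+-~?" else "+"  # bare "all" is "+all"
            return SPF_ALL_FINDINGS[qualifier]
    has_redirect = any(t.startswith("redirect=") for t in terms[1:])
    return [] if has_redirect else ["spf-no-all"]


def audit_dmarc(record):
    """Return issue codes for one DMARC record."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return ["dmarc-missing-or-invalid"]
    issues = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        issues.append("dmarc-no-valid-policy")
    elif policy == "none":
        issues.append("dmarc-policy-none")   # monitoring only, nothing is blocked
    pct = tags.get("pct", "100")             # pct defaults to 100 when absent
    if not pct.isdigit() or int(pct) < 100:
        issues.append("dmarc-partial-pct")   # policy applied to a sample of mail
    if "rua" not in tags:
        issues.append("dmarc-no-aggregate-reports")
    return issues


def audit_domain(spf, dmarc):
    return audit_spf(spf) + audit_dmarc(dmarc)


if __name__ == "__main__":
    for domain, (spf, dmarc) in RECORDS.items():
        print(domain, audit_domain(spf, dmarc) or "no findings")
```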
Picture 6: Example of Phishing Email
7. Training and awareness: the human factor
All technical solutions in the world cannot completely protect Alfa Tech if users are not aware and trained. The human factor is both a vulnerability and a line of defense.
Regular Training Program: Does Alfa Tech have a security training program for all employees? It should cover good security practices, such as identifying phishing, creating strong passwords, browsing safely, protecting sensitive data and knowing whom to report suspicious incidents to. Training should be periodic (not only during onboarding) and updated as threats evolve.
Phishing simulations: An effective way to reinforce training is to run controlled phishing simulations. Send fake (but harmless) emails to Alfa Tech employees and monitor who clicks. This should not be punitive but educational, helping to identify areas that need more training.
Clear Policy Communication: Are Alfa Tech's security policies clear and well communicated? Does everyone know what is and is not allowed in terms of device use, data access and internet browsing? Obscure or unknown policies are not followed.
In practice: After awareness training followed by phishing simulations at Alfa Tech, the click rate on suspicious emails fell from 30% to less than 5%. When a real attack occurred months later, several employees reported the malicious email to the IT team before any damage could be caused.
8. Incident monitoring and response: open eyes and ready plan
Even with all preventive measures, Alfa Tech needs to be prepared to detect and respond to security incidents quickly.
Log Collection and Analysis: Are the logs from Alfa Tech's critical systems (firewall, servers, network devices) being collected and analyzed regularly? These logs are the “black box” that can reveal intrusion attempts, anomalous behavior or security failures. Security Information and Event Management (SIEM) tools can help centralize and analyze these logs.
Intrusion Detection/Prevention Systems (IDS/IPS): Does Alfa Tech have any solution that actively monitors the network for suspicious activity? An IDS warns of possible intrusions, while an IPS can automatically block attack attempts. These tools complement the firewall, focusing on more sophisticated threats.
Incident Response Plan (IRP): Is there a documented plan for responding to security incidents at Alfa Tech? This plan must clearly define roles and responsibilities (who does what), procedures for containment, eradication and recovery, and communication channels. Without a plan, the response tends to be chaotic and ineffective.
Emergency Contacts: Does the Alfa Tech team know whom to contact in case of a serious incident? This includes internal contacts (IT, management, legal) and external ones (IT suppliers, authorities if necessary). Having this list ready and accessible (including offline) is crucial during a crisis.
In practice: Alfa Tech's monitoring system detects an unusual access pattern on a database server at 3 am. Thanks to the well-defined incident response plan, the on-call team knows exactly how to proceed: isolate the server, analyze the logs, identify the origin of the access and take appropriate containment measures.
Picture 7: Incident Response Life Cycle
9. Physical security: protecting the tangible
Cybersecurity does not exist in a vacuum. The physical protection of Alfa Tech's IT assets is an essential component of the security strategy.
Physical Access Control: Who can enter the server room or the Alfa Tech offices? Are there controls such as access cards, biometrics or even conventional keys? Is access to sensitive areas (such as the server room) restricted to authorized personnel only?
Environmental Threats: Is Alfa Tech's critical equipment protected against threats such as fire, flooding and power outages? Fire detection systems, proper air conditioning, uninterruptible power supplies (UPS) and generators are important investments to ensure the continuity of services.
Mobile Device Security: How does Alfa Tech handle the physical security of notebooks, tablets and corporate smartphones? Are there policies for using security locks, safe storage and procedures for lost or stolen devices?
In practice: An Alfa Tech corporate notebook is stolen from an employee during a trip. Because the disk was encrypted and the device was configured for remote wipe, the company's sensitive data was not compromised.
10. Policies and compliance: formalizing security
Finally, all Alfa Tech security practices need to be formalized in clear policies aligned with regulatory requirements.
Security Policy Documentation: Are Alfa Tech's security practices documented in formal policies? This includes the password policy, acceptable use of IT resources, incident response and access control, among others. Documented policies establish clear expectations and provide consistent guidance.
Periodic Review: Are Alfa Tech's security policies and procedures reviewed regularly? Security is a constantly evolving field, and policies need to keep up with new threats, technologies and business requirements.
Compliance with Regulations: Is Alfa Tech subject to specific regulations, such as the LGPD (General Data Protection Law)? Are security practices aligned with these requirements? Failure to comply can result in legal penalties in addition to security risks.
In practice: During an internal audit, Alfa Tech identifies that its data retention policy is outdated in relation to LGPD requirements. Reviewing and updating the policy, followed by system adjustments, ensures compliance and reduces legal risks.
Conclusion: Security is a continuous process
We have reached the end of our checklist, but in fact Alfa Tech's security journey (and your business's) never ends. Security is not a project with a beginning and an end, but a continuous process of evaluation, implementation, monitoring and improvement.
This checklist serves as a starting point for evaluating and strengthening the security of your SME network. Not all measures need to be implemented at once, and some may not apply to your specific reality. The important thing is to start, prioritize based on the risks identified and improve continually.
Remember: perfect security does not exist, but a structured and conscious approach can significantly reduce risks and prepare your business to respond effectively when (not if, but when) an incident occurs.
And you, have you applied this checklist to your company or the companies you serve? Which points do you consider most challenging? Share your experiences in the comments!
I am a co-founder and CTO of Lumiun, where I lead the development of our network security solutions, focusing on usability, performance and scalability, serving both MSPs and IT decision makers in companies seeking effective control and protection of corporate browsing.