The Small Business Security Pyramid
Minimum Must-Have Tactics
Business Class Firewall, Next-Generation Antivirus/EDR, Advanced Email Threat Protection, Onsite + Offsite +Offline Backups, Multi-factor Authentication (MFA), AD/Cloud Security Hardening, Monthly Security Inspection & Updates.
Highly Recommended Tactics
Firewall with Intrusion Prevention System, Encrypted Password Management, Web Content & URL Filtering, End-user Security Awareness Training. Advanced Tactics: Centralized Mobile Device Management, Annual Security Scan & Vulnerability Testing, Annual IT/Security Policy Review & Updated, Annual Business Continuity/Disaster Recovery Plan Update.
Pro Level Tactics
Regulatory Compliance Standards (eg. NIST 800-53, HIPAA, etc.), Organization-wide Data Encryption.