A DIY Guide to Implementing Needed Cyber Security Functions for Your Business

Introduction

Managing IT infrastructure becomes essential to preserving operations and protecting data as firms expand. Many firms use managed service providers (MSPs) to take care of these duties, but using an MSP can be costly and unaccommodating for small and medium-sized enterprises (SMBs). The goal of this do-it-yourself tutorial is to teach you the skills and resources you need to implement critical cybersecurity and IT operations yourself, without the assistance of a third party. By the time you finish reading this tutorial, you’ll have the fundamental knowledge needed to operate your systems more independently and economically.

Why Implementing Technical Functions is Necessary for Every Small Business

Even the smallest businesses must now deal with increasing hazards to their IT infrastructure in the digital age. Data breaches, hacks, and system outages can all adversely disrupt business operations and cause significant costs. Small businesses often assume they are less likely to be targeted; yet, data shows that small to medium-sized businesses (SMBs) are the target of nearly 40% of cyberattacks due to insufficient security measures. To fight against these dangers, companies must deploy technical functions. This allows them to ensure that:

  • Safeguard sensitive data: Protect customer and business information from breaches and cyberattacks.
  • Maintain operational continuity: Prevent costly downtime and disruptions by proactively managing IT systems.
  • Meet compliance standards: Ensure adherence to industry regulations such as GDPR, HIPAA, or PCI-DSS.
  • Increase productivity: Efficiently manage IT infrastructure to support business growth and smooth operations.

Small firms can fortify their defenses, reduce risks, and maintain control over their IT environment without incurring the hefty costs associated with outsourcing by implementing essential IT tasks internally, such as email security, network monitoring, patching, remote monitoring, and security. With this do-it-yourself strategy, small and medium-sized businesses can tailor their IT management and security, making sure they’re constantly ready for new and changing issues.

The goal of the guide is to provide businesses with comprehensive instructions for remote monitoring, patch management, email security, and other IT services that MSPs normally offer. It also demonstrates how businesses can independently deploy these services.

Benefits of DIY deployment:

  • Cost savings: Eliminate recurring MSP fees.
  • Control over tools: Choose the best tools tailored to your business.
  • Customizability: Flexibility to configure settings and systems to meet specific needs.

Who This Guide is For: Small to medium-sized businesses looking for practical and actionable advice to secure and manage their IT infrastructure.

Key Considerations:

  • Time: Understand that DIY deployment requires initial setup time and ongoing time that takes away from core business.
  • Cost: Free and low-cost tools are available, but some functions may require modest investments.
  • Maintenance: Ongoing maintenance will be necessary for continuous effectiveness.

Section 1: Remote Monitoring and Management (RMM)

What is an RMM?

Remote Monitoring and Management (RMM) is a set of tools used to monitor, manage, and maintain IT systems remotely. RMM tools help businesses stay proactive by detecting potential issues before they disrupt operations. RMM solutions enable:

  • System health monitoring: Monitor server and workstation performance.
  • Proactive issue detection: Identify issues like hardware failures or malware before they escalate.
  • Automated responses: trigger alerts or execute pre-defined scripts when problems occur.

Deploying RMM Solutions

General steps for setting up an RMM platform:

  1. Evaluate your needs: Consider the number of devices and the critical systems that require monitoring.
  2. Choose an RMM tool: Options range from free open-source software to premium tools.
  3. Install the agent on devices: The agent collects system health data and communicates with the RMM dashboard.
  4. Configure alerts and reports: Set thresholds for system performance, and configure automated alerts for issues.
  5. Set up remote access: Enable remote control of devices for quick troubleshooting.

Suggested Tools:

  • TacticalRMM: A free, open-source solution with robust monitoring capabilities that is self hosted.
  • ScreenConnect: A paid tool offering advanced remote access features.

Time to Deploy: 1-2 days, depending on the number of devices.

Approximate Cost: Although TacticalRMM is initially free, there are premium options. The main expense will be hosting; the monthly cost of ConnectWise Control (Screenconnect) is between $20 and $50.

Daily Maintenance: Allocate 15-30 minutes a day to monitor alerts, update patches, and address any detected issues.


Section 2: Patching and Updates

Importance of Regular Patching

Regular patching and updates are vital for security and system stability. Unpatched software is one of the primary ways cyber attackers gain access to systems. Keeping software up to date:

  • Minimizes vulnerabilities: protects against known exploits.
  • Ensures compatibility: Keeps systems running smoothly with the latest security updates and features.

Automating Patch Management

General process for setting up automated patching:

  1. Select a patch management tool: Many RMM tools come with built-in patch management features.
  2. Define patch schedules: Set a regular schedule for automated patch deployment (e.g., weekly updates).
  3. Configure notifications: Set alerts for patch failures or manual intervention needs.
  4. Test patches on non-critical systems: deploy patches in a test environment before rolling them out network-wide.

Suggested Tool:

  • TacticalRMM: Includes automated patching as part of its core functionality.

Time to Deploy: 1 day to configure automated patching.

Approximate Cost: Cost of the RMM.

Daily Maintenance: Allocate 10-15 minutes a day to review patch statuses and address failed updates.


Section 3: Email Cybersecurity

Why Email Security Matters

Email remains one of the most common attack vectors for cyber threats such as phishing, ransomware, and malware. A robust email security strategy is essential to protect sensitive information and prevent malicious attacks from infiltrating your network.

Setting Up an Email Security Gateway

Key configurations for external email protection:

  1. Implement filtering: filter inbound and outbound email for malware and phishing attempts.
  2. Set up quarantine: Automatically quarantine suspicious emails for administrator review.
  3. Enable advanced threat protection (ATP): Use machine learning and AI to detect new and sophisticated threats.
  4. Monitor email traffic: Regularly review logs and reports for any irregularities or targeted attacks.

Suggested Tool:

  • Avanan: A cloud-based email security solution that integrates easily with Office 365, Google Workspace, and other platforms.

Time to Deploy: 1-2 days for initial setup and configuration.

Approximate Cost: $6-10 per user per month, depending on the plan.

Daily Maintenance: Allocate 10-15 minutes to review quarantined emails and alert logs.


Section 4: Vulnerability Scanning

What is vulnerability scanning?

By using vulnerability scanning, you can find possible security flaws in your systems and network. Businesses can identify and fix vulnerabilities before attackers take advantage of them by conducting routine scans.

How to Implement Vulnerability Scanning

General steps for configuring and running regular scans:

  1. Choose a scanning tool: Select a tool that matches your network size and compliance needs.
  2. Define scan scope: Choose which systems and networks to include in the scans.
  3. Set scan schedules: Automate scans to run weekly or biweekly.
  4. Review scan reports: Identify and prioritize remediation actions based on scan results.

Suggested Tools:

  • ConnectSecure: Offers relatively affordable vulnerability scanning, cloud hosted.
  • OpenVAS: A free, self hosted scanner with more limited functions.
  • Rapid7: A more advanced and premium option for detailed scanning and reporting.

Time to Deploy: 1 day to configure and schedule regular scans.

Approximate Cost: Free to thousands per month. depending on the size and needs of the organization.

Daily Maintenance: Minimal daily work; typically, allocate 1-2 hours weekly or biweekly for scan reviews.


Section 5: Network Monitoring and Protection

Why Network Monitoring is Critical

Network monitoring offers real-time visibility into your network’s performance and security. Detecting suspicious activity early can prevent data breaches, malware propagation, or unauthorized access.

Deploying Network Monitoring Tools

Steps to set up network monitoring:

  1. Install network monitoring software: deploy tools that track network traffic and performance.
  2. Set up traffic alerts: Configure alerts for unusual activity or traffic spikes.
  3. Establish monitoring dashboards: Use customizable dashboards for visualizing network health.
  4. Review logs regularly: Check logs for any anomalies or unauthorized access attempts.

Suggested Tools:

  • Firewalla: A small, business-friendly tool for network security and monitoring.
  • Unifi: A more advanced system for managing larger networks and connected devices.

Time to Deploy: 1-2 days, depending on the network’s complexity.

Approximate Cost: Firewalla starts at $129 (one-time cost); Unifi starts at $200+ for hardware.

Daily Maintenance: Allocate 15-20 minutes daily to monitor network traffic and review alerts.


Section 6: Employee Awareness Training

Importance of cybersecurity awareness

Human error is a leading cause of cybersecurity incidents. Phishing attacks, poor password practices, and unsafe browsing are common issues that can compromise security. Training employees on best practices reduces risks significantly.

Setting Up a Training Program

Steps to train employees on cybersecurity:

  1. Identify key topics: Focus on phishing detection, password policies, and safe browsing habits.
  2. Use an online training platform: Deliver training via e-learning tools with built-in assessments.
  3. Schedule regular refreshers: Ensure ongoing training with quarterly updates or testing.
  4. Monitor employee progress: Use reporting features to track employee completion and comprehension.

Suggested Tool:

  • Usecure: A comprehensive cybersecurity training and awareness platform.

Time to Deploy: 1 day to set up training and roll it out to employees.

Approximate Cost: $2-$5 per user per month.

Daily Maintenance: Minimal daily work; allocate 1-2 hours quarterly for content refreshes and employee reviews.


Section 7: Endpoint Detection and Response (EDR) and Antivirus

EDR vs. Traditional Antivirus

Endpoint Detection and Response (EDR) tools go beyond traditional antivirus software by offering real-time threat detection, investigation, and response capabilities. EDR is critical for mitigating advanced attacks like ransomware, malware, and zero-day threats.

Deploying EDR and Antivirus Solutions

Steps to install and configure EDR tools:

  1. Select your EDR solution: Choose a tool based on your security needs and budget.
  2. Install agents on all endpoints: Ensure that each endpoint device (computers, servers, etc.) has an agent installed.
  3. Configure policies: Set up rules for threat detection, automated responses, and alerts.
  4. Monitor and respond to alerts: Review real-time alerts and take action to remediate threats.

Suggested Tools:

  • Huntress offers comprehensive EDR capabilities.
  • Bitdefender: A robust antivirus and EDR solution with advanced features.

Time to Deploy: 1 day for complete setup across all devices.

Approximate Cost: $2-$7 per device per month.

Daily Maintenance: Allocate 10-15 minutes daily to review endpoint alerts and respond to threats.


Section 8: Password Management and Breach Detection

The Role of Password Management in Security

Password management tools play a crucial role in preventing data breaches by helping users generate strong, unique passwords and minimizing password reuse.

Implementing a Password Manager

Steps to set up and enforce password policies:

  1. Choose a password management tool: Opt for a tool that offers password generation, storage, and breach detection.
  2. Implement organization-wide policies: Ensure that all employees use the password manager.
  3. Enable breach detection: Monitor for compromised credentials and force resets when necessary.

Suggested Tool:

  • NordPass: A secure and user-friendly password management solution.

Time to Deploy: 1 day for initial setup and onboarding.

Approximate Cost: $2-$4 per user per month.

Daily Maintenance: Minimal daily work; conduct monthly breach detection checks (1-2 hours).


Section 9: Multi-Factor Authentication (MFA)

What is MFA?

Multi-Factor Authentication (MFA) adds an additional layer of security to user accounts by requiring a second form of verification, such as a one-time passcode or biometric scan, in addition to a password.

Enforcing MFA Across Your Organization

Steps to implement MFA:

  1. Identify critical systems for MFA: Secure your most sensitive systems first (e.g., email, file storage).
  2. Choose an MFA provider: Use a service compatible with your existing environment.
  3. Onboard users: Provide clear instructions for setting up MFA on their accounts.
  4. Monitor MFA logs: Regularly review logs for failed attempts or suspicious activity.

Suggested Tools:

  • Google Authenticator, Microsoft Authenticator, or third-party MFA solutions like Duo Security.

Time to Deploy: 1-2 days to set up MFA across systems.

Approximate Cost: Free with most cloud services (e.g., Google, Microsoft), or $3-$5 per user per month for third-party solutions.

Daily Maintenance: minimal daily work; monthly reviews of MFA logs for any unusual activity.


Section 10: Web Server Deployment (Non-Shared Hosting)

What If I Already Have a Website?

If your website is already live, you may think that your efforts are finished. Nonetheless, a lot of small firms host their websites on shared hosting platforms, which, although reasonably priced, have a number of drawbacks that can impede expansion and put your company at danger. Even if your website is up and running, it’s important to think about whether your present hosting plan actually meets the long-term requirements of your company. Making the switch to a Virtual Private Server (VPS) or dedicated hosting plan could greatly increase the performance, security, and scalability of your website.

Why Switch to Dedicated Hosting?

  1. Enhanced Security: Shared hosting environments mean multiple websites reside on the same server, which increases vulnerability to attacks. If one website on the server is compromised, it could affect all the others. With dedicated hosting, your site is isolated, reducing exposure to threats and allowing for more advanced security configurations such as custom firewalls, encryption, and intrusion detection systems.
  2. Improved Performance: On shared hosting, server resources such as CPU, memory, and bandwidth are distributed across many users. This can result in slow load times or site crashes during traffic spikes. Dedicated hosting ensures your website has exclusive access to server resources, leading to faster page load speeds and a more stable user experience, which can help improve SEO rankings and customer satisfaction.
  3. Greater Customization: Shared hosting often restricts the ability to customize server settings, which can be limiting if your business has specific technical needs. With dedicated hosting, you have full control over the server’s configuration, allowing you to optimize performance and security to suit your unique requirements.
  4. Scalability: As your business grows, so will your website’s demands. Shared hosting plans often struggle to keep up with increasing traffic or the addition of more complex features. A dedicated or VPS plan offers the flexibility to scale resources as needed, ensuring that your site continues to perform optimally as your business expands.
  5. Better Uptime and Reliability: Dedicated hosting environments typically come with better uptime guarantees, often reaching 99.9% or higher. This is critical for businesses that rely on their websites to generate leads or sales. In shared hosting, one site’s performance issues can affect the entire server, leading to unplanned downtime and lost revenue.

You can be sure that your website operates better, is more secure, and can expand with your company by switching to dedicated hosting. Even if your present website appears adequate, making the investment in dedicated hosting gives you peace of mind that your online presence is strong and resilient, as well as preparing your company for future opportunities and difficulties.

What is web server deployment?

In order to host your website or web apps, web server deployment entails setting up a dedicated or virtual private server (VPS). Non-shared hosting offers dedicated resources, which offer better speed, security, and customization choices than shared hosting, which divides server resources among several clients.

How to Set Up a Web Server

  1. Choose your hosting provider: Select a VPS or dedicated server provider based on your resource needs (We like Hetzner and SSDNodes).
  2. Select the operating system (OS): Choose between Linux distributions (If using Runcloud, we go with Ubuntu) or Windows Server depending on your website requirements.
  3. Install web server software: Set up a web server stack (e.g., Apache, NGINX, or IIS) to handle HTTP requests and serve content. – Or connect to Runcloud to auto install.
  4. Configure security settings: Install an SSL certificate for HTTPS, configure firewall rules, and disable unused ports to reduce the attack surface.
  5. Set up automated backups: Regularly back up your web server and database to ensure data is recoverable in the event of a failure or attack.
  6. Deploy your website/application: Runcloud has a one click deploy, otherwise you can manually deploy or deploy through the provider you choose.

Suggested Tools:

  • Runcloud: It does all the heavy lifting for you, so you don’t have to install the below tools.
  • Apache: widely used open-source web server software.
  • NGINX: Known for its high performance and low resource usage.
  • Let’s Encrypt: Free SSL certificate provider.

Time to Deploy: 1-3 days, depending on the complexity of your website.

Approximate Cost: $5-$100 per month, depending on the server type (VPS or dedicated) and provider.

Daily Maintenance: 10-20 minutes a day for server health checks, security monitoring, and backup management.


Section 11: Website Updates and Protections

Importance of Regular Website Updates

Hackers frequently attack websites in search of out-of-date software with known vulnerabilities. Updating the themes, plugins, and core software (such as WordPress) on your website on a regular basis helps prevent security lapses. Updates provide maximum performance and conformity with current web standards in addition to security.

Best Practices for Website Updates

  1. Schedule regular updates: Set a weekly or biweekly schedule to check for updates to the website’s CMS, plugins, and other integrations.
  2. Test updates in a staging environment: Before applying updates to your live site, use a staging environment to identify potential conflicts.
  3. Implement Web Application Firewall (WAF): A WAF filters, monitors, and blocks malicious traffic attempting to exploit website vulnerabilities.
  4. Use a Content Delivery Network (CDN): A CDN improves website load times and helps mitigate Distributed Denial of Service (DDoS) attacks.
  5. Enable automatic backups: Regular backups ensure you can restore your website quickly in case of a failed update or breach.

Suggested Tools:

  • WordFence: A website firewall and security monitoring tool.
  • Cloudflare provides CDN services and a WAF to protect websites from common threats.
  • UpdraftPlus: A WordPress backup plugin that automates backups to the cloud.

Time to Deploy: 1-2 days to set up security measures and update processes.

Approximate Cost: Free to $20 per month, depending on the tools used (e.g., free versions of Cloudflare vs. paid plans).

Daily Maintenance: 5-15 minutes daily for checking update notifications, monitoring security logs, and reviewing site backups.


Section 12: Laptop/Computer Standardization (Our Pick: Dell)

Why standardize hardware?

Hardware for laptops and desktop computers should be standardized to facilitate management, enhance software system interoperability, and simplify IT support. Businesses can simplify deployment, maintenance, and troubleshooting by selecting a single brand and model for the whole enterprise.

Benefits of Standardizing with Dell

Offering a wide selection of business-focused laptops and desktops, Dell is renowned for its products’ robust construction, lengthy warranties, and manageability thanks to enterprise-level support solutions like Dell Command Suite. Advantages consist of:

  • Easier management: Consistent hardware simplifies the process of image creation and software deployment.
  • Better support: Standardization allows IT teams to become experts with one specific hardware setup, reducing downtime when issues arise.
  • Predictable cost and lifecycle: Standardizing across one manufacturer makes budgeting and planning for upgrades easier.

Steps for laptop/computer standardization

  1. Assess the organization’s needs: Determine the right balance of performance, portability, and durability for the roles in your company.
  2. Choose the right Dell model: Consider models such as the Dell Latitude series for business laptops, offering robust security features and high performance.
  3. Create a standardized image: Develop a base operating system image with all required software pre-installed.
  4. Deploy system management tools: Use Dell Command | Update and Dell BIOS settings to automate system updates and security patches.
  5. Centralize procurement: Create a standardized purchasing process for Dell products to ensure consistent specifications and compatibility.

Suggested Models:

  • Dell Latitude: Durable laptops designed for businesses, with security features such as biometric login and encrypted hard drives.
  • Dell OptiPlex: Compact desktops suitable for office environments with enterprise-grade manageability.

Time to Deploy: 1-2 weeks to research, configure, and deploy hardware across the organization. 3-4 hours to create system image. 2-4 hours to deploy image per machine and ensure full setup.

Approximate Cost: $700-$1,500 per device, depending on specifications and volume discounts.

Daily Maintenance: 5-10 minutes per device for routine updates and hardware health checks.


Section 13: Cost of Doing It Yourself vs. Hiring an MSP

Cost Considerations for DIY IT Management

DIY IT administration has financial ramifications that are both short- and long-term. Indirect expenses include time investment, possible learning curves, and maintenance, even if there is potential for significant cost savings over engaging an MSP.

Direct Costs of DIY IT Management:

  1. Software and Tools: Some IT tools have free versions, but others require subscription fees. For example, you may pay for services like email security, endpoint protection, and vulnerability scanning.
  2. Hardware Costs: Purchasing servers, laptops, and network infrastructure can lead to significant upfront expenses.
  3. Time and Labor: DIY means investing time in learning how to configure and maintain tools. The more complex the setup, the more time you will need to spend on daily and long-term maintenance.

Advantages of DIY:

  • Lower Ongoing Costs: You avoid monthly fees that MSPs charge for management and support.
  • Customization and Control: You can choose the tools and systems that work best for your business rather than being locked into the MSP’s platform.
  • Scalability: With internal management, you can scale operations without waiting on external providers.

Cost Considerations for Hiring an MSP

MSPs are more convenient, but their recurrent costs are also more expensive. They relieve internal staff of the setup, maintenance, and support duties, but they may bind you to long-term contracts or fewer configurable options.

Direct Costs of Hiring an MSP:

  1. Monthly Service Fees: Most MSPs charge on a per-user or per-device basis, with fees ranging from $50 to $150 per month per user.
  2. Initial Setup Fees: Many MSPs charge a fee to onboard new clients, which could range from $1,000 to $5,000 depending on the complexity.
  3. Service Level Agreements (SLAs): While MSPs guarantee uptime and support, higher tiers of service come at additional costs.

Advantages of an MSP:

  • Expertise on Demand: MSPs bring specialized expertise, handling complex problems quickly and efficiently.
  • 24/7 Monitoring and Support: Many MSPs offer round-the-clock support, which is harder to replicate with a small internal IT team.
  • Predictable Costs: Monthly fees are typically predictable, though they may increase as your business grows.

One major advantage of an MSP is getting it right the first time and not having to have a constant band aid effect. A lot of time and money can be lost in incorrectly deploying a critical system.

Total Cost Breakdown

Category DIY Approach Hiring an MSP
Initial Setup Varies, typically $1,000-$10,000 $1,000-$5,000
Monthly Service Fees $0-$300+ (for tool subscriptions) $50-$150 per user per month
Hardware Costs $5,000+ upfront (servers, laptops) Included or subsidized by some MSPs
Labor and Time Investment High internal labor costs MSP staff included in the service
Ongoing Maintenance 1-2 hours daily Managed entirely by the MSP

Time Breakdown

Function Suggested Tools Cost Daily Maintenance Time
Remote Monitoring (RMM) TacticalRMM, ScreenConnect Free – $5/endpoint 15-30 minutes
Patching and Updates TacticalRMM Free 10-15 minutes
Email Cybersecurity Avanan $3-$7/user/month 10-15 minutes
Vulnerability Scanning ConnectSecure, Rapid7 $1,000+/year Minimal, 1-2 hrs/week
Network Monitoring Firewalla, Unifi $129+ (one-time) 15-20 minutes
Employee Training Usecure $2-$5/user/month 1-2 hours/quarter
EDR & Antivirus Huntress, Bitdefender $2-$7/device/month 10-15 minutes
Password Management NordPass $2-$4/user/month Monthly checks
Multi-Factor Authentication Google/Microsoft Authenticator Free-$5/user/month Monthly reviews

Total Time and Dollar Loss Estimate:

Maintaining these do-it-yourself tasks takes two to three hours a day on average. Assuming an internal IT worker makes $30 per hour on average, the time missed on these duties adds up to $60-$90 per day, or roughly $1,800 to $2,700 in potential labor expenditures per month. Compared to outsourcing to an MSP, this chart illustrates the hidden costs associated with do-it-yourself administration.

Conclusion on Cost

For SMBs with limited budgets, a DIY approach can lead to significant savings if there’s internal expertise to manage the system. However, businesses that prioritize convenience and don’t have dedicated IT staff may find that the predictability and support from an MSP are worth the higher cost.

 

Authorized Reseller SecurityMetrics PCI validation certification logo