Numerous website vulnerability scanners are available from Qualys, AlienVault, Acunteix (most of which offer free trails) while free open source tools abound although these require more expertise. Tools such as Vega and W3af and SQLmap are good places to start.
Disable risky software
Most work PCs run far too much software, some of it installed by employees without admins knowing anything about it. This is incredibly risky but luckily remediation is possible simply by removing common-targeted software known to have a stream of zero-day vulnerabilities. Chief offenders are Flash video plug-ins for browsers, Adobe's PDF Reader application and the Java Runtime Environment (JRE, including old versions), and almost anything published by Apple, none of which are as essential as they once were. Remove them and you remove a large chunk of risk for very little disadvantage. You need PDF capability? The latest browsers build in a sandboxed viewer without the need to load the full program or even download the file. At the very least, interfaces such as Flash should be enabled on demand, which requires the user to run them manually.
"If you can't disable software, at the very least be aware of what software is running in your environments. Monitor, monitor and monitor. Check who is doing what, what files are being accessed, who is logging on etc. Get to know what your system looks like," says Javvad Malik, Security Advocate at security firm AlienVault.
Use encryption wisely
No technology is more often invoked as a simple way to improve security than encryption, but using it is not a simple panacea. The first challenge is that encryption is often expensive, proprietary to specific applications and, of course, the keys used have to be stored somewhere secure too.
However, encryption can still be useful for stored data, particularly mobile devices with platforms such as iOS and Android offering secure encryption as standard on recent versions. Business laptops will always be offered these days with Full Disk Encryption (FDE) as an option, one the SME should always take. USB sticks should also always be encrypted.
Small-scale desktop encryption is a bit more complicated, more so now that the famous stalwart open source program TrueCrypt is no longer seen as trustworthy. Microsoft offers the excellent BitLocker in Pro versions of Windows, including Windows 10, which should be the basis of any desktop running the OS that accesses important data. Tools tend to work in different ways from file by file encryption to creating encrypted volumes. Volume-based tools worth looking at include DiskCryptor and FreeOTFE.
Symantec offers Drive Encryption, and although relatively expensive dies offer some central administration.
However, as Javvad Malik of AlienVault reminds us before rushing to encrypt everything: "Another question worth asking is, "do we actually need this data?'"