In today\u2019s increasingly hostile environment, every enterprise, be they big or small, should be concerned about cybersecurity and have access to protection from hackers, scammers, phishers, and all the rest of the host of bad actors who seem to be sprouting up around the world.Yet time and again, we see small- and medium-sized businesses (SMBs) left out in the cold, an unaddressed market segment that finds real protection either too expensive or far too complex to adopt. Thus, cybersecurity becomes an \u201cafterthought\u201d or \u201cadd when we can\u201d kind of service that leaves SMBs far more vulnerable than the corporate giants \u2014 just reading the news every day shows even they aren\u2019t immune to ransomware, intrusions, and data theft.It might be tempting to think that it\u2019s too late at this point for an enterprise with limited resources to start investing in cybersecurity \u2014 after all, if the bug guys still get hit, what\u2019s the point in trying to catch up?If you haven\u2019t already, start thinking about security nowActually, there are plenty of reasons to start thinking about cybersecurity right now. The advice from industry and government to SMBs is united in this regard and aligns with the Chinese proverb: \u201cThe best time to plant a tree was 20 years ago; the second-best time is today.\u201dAt the recent RSA Conference, I had the occasion to speak with Candid W\u00fcest, vice president of cyber protection and research at Acronis, about cybersecurity for the SMB and how a resource-strapped entity should be looking to protect themselves. He spoke pragmatically about the situation small companies find themselves in and suggested the following low-cost, high-return fundamental strategies (along with the basic rubric of don\u2019t defer, get the car moving, and revise as you are able):Maintain visibility into your network \u2014 if an SMB has one, then it is incumbent upon administrators to know every item touching the network.Implement multifactor authentication (MFA) everywhere possible.Ensure all network access is role-based \u2014 no one who doesn\u2019t need to see a system should be able to touch it (again, with access granted through MFA).Verify where your data is coming fromThis sound advice was echoed by Utimaco CTO Nils Gerhardt, who availed himself to be interviewed during the same RSA Conference. SMBs must start somewhere, and the first step is to implement multifactor authentication everywhere, Gerhardt said. From the point of view of a Europe-headquartered entity, he further recommended that companies put in place the ability to verify the provenance of their data.That\u2019s just smart practice for any business, and why many countries are looking to keep tabs on where data comes from, regulate what data should be protected, and in some cases determine how it should be treated. Small business operators should be aware that regulatory regimes are also for their protection, not just the big guys \u2014 regimes such as GDPR and the European Data Act (EDA), which details data ownership and \u201cgives individuals and businesses more control over their data through a reinforced data portability right, copying or transferring data easily from across different services, where the data are generated through smart objects, machines, and devices.\u201dThere\u2019s more government help available for SMBs than might be immediately apparent. Recent United States and United Kingdom government efforts are timely and readily available to address shortcomings and bring resources to the table for the SMB.US help for small and medium-sized businessesThe United States has created a \u201cSmall Business Cybersecurity Community of Interest\u201d (COI) within the rubric of the National Cybersecurity Center of Excellence (NCCoE). The NCCoE, established in 2012, provides businesses with practical information on securing their information technology. At the inaugural community of interest event in March 2023, US Deputy Secretary of Commerce Don Graves commented that: \u201cThis initiative will help to make sure that NIST\u2019s guidance is both meaningful and practical for smaller companies and other organizations to put into use. Beyond benefiting the NCCoE and its participants, this new community of interest promises to improve the return on all of NIST\u2019s investments in cybersecurity research, standards, guidelines, and practices.\u201dThe NIST COI initiative is designed to get SMBs into the mix and to bring to the forefront resources so they may become cybersecurity aware and hardened. Couple this with the plethora of resources provided by the Cybersecurity and Infrastructure Security Agency (CISA) and every SMB has a healthy slate of resources to advance their knowledge considerably. Topics addressed by CISA for the SMBs include securing supply chains and assessing vendors and vendor security posture.\u00a0UK help for small and medium-sized businessesThe UK\u2019s National Cybersecurity Centre (NCSC) offers its own cyber action plan, which includes a free assessment for small organizations. The online assessment normally takes between three-to-five minutes to complete. The assessment walks the user through a basic cyber hygiene survey. The results are analyzed immediately, and the user is given a \u201cpersonalized action plan\u201d that the business can do right now to heighten its cybersecurity posture as their takeaway.Lindy Cameron, NCSC CEO, noted that while small businesses are the backbone of the UK economy, \u201cwe know that cybercriminals continue to view them as targets. That\u2019s why the NCSC has created the Cyber Action Plan and Check Your Cyber Security to help them boost their online defenses in a matter of minutes. I strongly encourage all small businesses to use these tools today to keep the cybercriminals out and their operations on track.\u201dOther governments offering cyber help for SMBsThe US and UK are not alone in providing sound advice and resources for smaller enterprises. The Canadian Centre for Cyber Security has a small-business information portal as well as offering Cybersecure Canada, a cybersecurity certification program for small and medium-sized organizations. Australia also has guidelines for its SMB owners.SMBs who avail themselves of advice from industry professionals such as Gerhard and W\u00fcest and research the resources available to them from national and local governments will find that they are able to achieve a modicum of cybersecurity at little or no cost. Then, as advised, continually assess their situation, and as able to close those gaps which carry the highest risk. The important message is that these resources are out there to get you started, but you might have to do a little digging to find them. It\u2019s absolutely worth the effort.