The SMB Cybersecurity Checklist: Velocigo’s Minimally Accepted Security Standards
Most small and mid-size businesses don’t get breached by exotic attacks — they get breached by the basics left undone. This is the exact baseline Velocigo holds every environment we manage to: our Minimally Accepted Security Standards (vMASS). Work through it as a self-assessment. Wherever you find a gap, we can implement and manage the fix — and our cybersecurity services team can validate the rest.
1. Back up everything that matters
- Maintain offsite backups of all important systems.
2. Lock down the network perimeter
- Eliminate or limit the number of open firewall ports.
- Absolutely no RDP or SMB exposed to the internet (ports 3389 and 445 should never be open).
- Put every externally facing service and website behind HTTPS and a web application firewall (WAF).
- Require VPN with MFA to reach network assets from outside.
Not sure what your firewall is actually exposing? A Velocigo firewall audit maps every open port and rule and shows you exactly what to close. Request a firewall audit →
3. Enforce strong identity and access
- Use multi-factor authentication (MFA) wherever possible.
- Require MFA on all cloud accounts (Microsoft 365 and Google Workspace).
- Audit and reduce the number of accounts; enforce least privilege.
- No day-to-day account should hold domain admin privileges.
- Review the user list proactively with HR and management.
- Require strong, unique 12+ character passphrases that don’t expire and are never reused on outside services.
- Enforce account lockout (lock after more than 3 failed attempts within 2 minutes).
4. Patch and retire aging systems
- Patch all servers and systems on a regular schedule.
- Retire out-of-date, end-of-life (EOL) operating systems and software.
5. Train the human layer
- Run an ongoing cybersecurity awareness and phishing-simulation program.
As an authorized KnowBe4 partner and reseller, Velocigo deploys, licenses, and manages awareness training and phishing simulations end to end. Ask us to roll out KnowBe4 →
6. Secure email
- Implement advanced email filtering (Avanan, Proofpoint, or Microsoft Defender for Office 365).
- Configure SPF, DMARC, and DKIM.
- Add impersonation / business-email-compromise detection.
We implement and tune email security from the filter down to your DNS records. Get your email locked down →
7. Protect every endpoint
- Run modern antivirus with endpoint detection and response (EDR) on every device.
As an official CrowdStrike partner and reseller, Velocigo deploys, licenses, and manages CrowdStrike with EDR around the clock. Deploy CrowdStrike with Velocigo →
Ready to close the gaps? Explore Velocigo’s cybersecurity services services or book a security assessment.


