Practical guide to preventing cyberattacks – necessary services and solutions for SMEs

In Romania, there is still a misperception that SMEs are less targeted by cyberattacks, due to the low value of the data managed or the size of the business. In reality, they are frequently targeted by attackers, precisely because of the lower level of protection. Cybersecurity risks are significant, both from the perspective of compromise incidents and sanctions generated by non-compliance with legal requirements (e.g. GDPR, NIS2).

In the first four months of 2025 alone, the National Supervisory Authority for Personal Data Processing (ANSPDCP) imposed 52 fines in Romania, totaling over 230,000 Euro, and over 30% of these sanctions were caused by unauthorized disclosures of personal data following cyberattacks. We are no longer talking about hypothetical risks, but about concrete and increasingly frequent threats that directly affect the activity of organizations. And SMEs, often lacking the necessary resources for a solid defense, are among the most exposed.

A cyberattack can mean not only financial losses and legal penalties, but also business interruption and major image damage. That is why a minimally functional, well-developed cybersecurity system is no longer an option, but a necessity. In this article, we propose a practical guide dedicated to SMEs that want to take concrete steps towards effective digital protection.

What should a minimum functional cybersecurity system contain?

An effective security system does not have to be complicated or made up of numerous expensive solutions. There are some essential components that any SMB should have to protect itself from current threats:

1. Next-Generation Firewalls (NGFW)

Old firewalls can no longer cope with modern attacks, which are increasingly intelligent and difficult to detect. An NGFW offers advanced protection against malware, ransomware, SQL Injection, data exfiltration, or malicious code attacks.

These solutions are especially important if the organization uses cloud services or SaaS applications (such as CRMs, collaboration platforms, etc.). NGFWs provide detailed visibility and control over applications, including those used without IT approval (shadow IT). In addition, they can manage and secure devices such as IoT sensors, cash registers (POS) or employees’ personal phones, through access rules and monitoring of their behavior. They can also enforce network segmentation: dividing the company’s internal data network into groups of devices, so that users can reach only the applications and equipment they need to carry out their activity, which limits an attacker’s opportunities for lateral movement in the network.

2. Centralized access control + multi-factor authentication (MFA)

Small or medium-sized businesses are often vulnerable because they don’t have clear policies on access to data and systems. Employees can fall victim to phishing, and without two-factor authentication a compromised account can be quickly exploited by an attacker. Moreover, former employees can retain access to important emails or files if access is not revoked immediately. In many cases, accounts are shared among multiple colleagues, making it impossible to identify the source of an incident. In the context of remote work and the use of personal devices, the risks increase. A centralized access management system, along with multi-factor authentication, helps prevent these issues and is essential for meeting compliance requirements (such as GDPR or NIS2).

3. Extended Detection and Response (XDR)

Most SMBs don’t have the resources to manage multiple separate security solutions or hire security analysts. That’s why an XDR solution is ideal: it integrates multiple functions into a single platform – endpoint protection (EPP and EDR), network monitoring (NDR), alert correlation (SIEM), and user behavior analysis (UEBA).

In short, XDR means prevention, detection and rapid reaction – all in one easy-to-manage system. It is a particularly suitable solution when more and more SaaS applications are used in the company and modern threats (such as ransomware) can spread quickly across the network.

The three basic components – NGFW, access control + MFA and XDR – must be complemented with a process of recurring updating of the software versions used in the company and with specialized services that ensure continuous monitoring of the IT infrastructure, effective risk management and compliance with legal regulations. These services are essential for a complete and professional approach to cybersecurity in a small or medium-sized company.

1. GRC (Governance, Risk and Compliance) Consultancy

For SMEs, mistakes related to compliance with legislation or lack of clear risk control can have serious financial and legal consequences. Without a coherent approach to governance, risk and compliance (GRC), companies can delay the implementation of measures required by law, have problems with audits and face fines or reputational losses.

A trusted GRC partner can help you with:

  • identifying the real risks to which the company is exposed,
  • developing clear policies and procedures, compliant with current regulations (such as GDPR or NIS2),
  • the effective management of security incidents,
  • support during external audits or in crisis situations.

In other words, GRC consulting helps a company to be one step ahead of risks and avoid substantial penalties.

2. MDR (Managed Detection and Response) Services

Even if you don’t have an extensive IT department or security specialists, you can benefit from advanced protection through an outsourced MDR service. This service offers:

  • round-the-clock access (24/7) to a team of experts in attack detection and response;
  • real-time monitoring of suspicious activities;
  • rapid response in the event of an incident, without the need for a dedicated security operations center (SOC).

In addition, MDR services help meet legal requirements for incident detection and reporting, whether your employees are working from the office, from home, or in the cloud. All of this comes in an affordable, subscription-based package with no large upfront investments.

In addition to these services, the company must ensure a process of updating its software elements – applications, operating systems and firmware.

By combining the core technical components with these complementary services, SMEs can build a robust cybersecurity system adapted to current realities and legal requirements – without excessive complexity or impossible costs.

Safetech Innovations’ practical proposal for high-performance cybersecurity in SMEs

Starting from the realities and needs of small and medium-sized companies in Romania, Safetech Innovations proposes a coherent and scalable package of solutions and services that cover all the essential components of a modern cybersecurity architecture: protection, access control, continuous monitoring, advanced detection and compliance. This approach is built on the experience gained over more than 14 years in the security field and on strategic partnerships with global technology providers.

1. Network-level protection – NGFW delivered through Safetech Innovations

Safetech is an “Innovator” partner in Palo Alto Networks’ NextWave program and provides SMBs with next-generation firewalls with advanced detection features based on Artificial Intelligence and Machine Learning. These solutions (available in physical or virtual variants) detect and block malicious files before they reach the network, identify and isolate infected hosts, and prevent the spread of malicious code. Thus, attacks are stopped in real time, and the risks of operational interruptions or data loss are minimized.

2. Access control and secure authentication – Microsoft Entra ID, implemented with the support of Safetech

Formerly Azure Active Directory, Microsoft Entra ID is a robust solution for access management in the organization. Through multi-factor authentication, single sign-on, and dynamic access policies (depending on context, device, location, or risk level), the system automatically blocks unauthorized access attempts and protects critical apps, files, and accounts.

Safetech ensures the implementation and configuration of the Entra ID platform, so that SMEs can quickly benefit from granular and efficient control over access to digital resources.

3. Extensive protection at the device and network level – Cynet and Stellar Cyber

Safetech integrates two leading platforms for complete coverage of threat detection and response needs:

  • Cynet provides advanced protection (EPP and EDR) at the endpoint level, automatically detecting and blocking ransomware, fileless attacks, zero-day exploits, data theft attempts, or lateral movements of attackers.
  • Stellar Cyber is an open XDR platform that combines network detection (NDR), multi-source alert correlation (SIEM), user behavior analysis (UEBA), and response automation through predefined playbooks (SOAR).

These platforms can be deployed as on-premise solutions or as services provided by Safetech’s Incident Response Center (CERT TSI®), with 24/7/365 coverage.

4. GRC consulting – outsourcing the CISO role

For companies that do not have a dedicated governance and compliance officer, Safetech offers GRC services through which it takes over the duties of a CISO (Chief Information Security Officer). The service covers:

  • risk and incident analysis and management,
  • creation of security policies,
  • support in external audits,
  • crisis and vulnerability management,
  • alignment with legal requirements and compliance standards (including GDPR, NIS2).

This service helps SMEs to manage risk challenges more effectively, without investing in complex internal structures.

5. MDR services with Threat Intelligence – delivered by STI CERT

Safetech’s MDR service, delivered through its STI CERT team, offers a complete incident detection, monitoring and response solution, without the need for its own security operations center (SOC).

Structured on three levels (Essential, Advanced, Elevate), the service adapts to the size and complexity of each company and includes:

  • integration with existing infrastructure,
  • automatic discovery of assets and their vulnerabilities,
  • 24/7 analysis and response,
  • access to up-to-date threat intelligence, relevant at regional and international level.

Phased implementation, according to priorities

For SMEs with limited budgets or resources, Safetech proposes a phased approach. It starts with the most critical protection measures (such as NGFW, MFA, GRC consultancy), followed by the gradual development of a consistent system, adapted to the risks, existing equipment and objectives of each organization.

This proposal offers SMEs in Romania access to top technologies and specialized services, in an affordable, scalable and easy-to-manage format, with a direct impact on digital resilience and business continuity.

For more information, contact us at [email protected] or by phone +40 21 316 0565.
