There are a lot of security items to consider as a small business owner. Some are physical, others software, but everything depends on the nature of your business. This guide is a general security strategy for SaaS businesses.
#1 Start with a basic free security assessment:
(Axiom lite; it looks at security from 5 different frameworks)
Once this is done, you'll have a better understanding of your overall security landscape.
#2 Conduct a Physical assessment:
If you have a physical location or office space, the next step is to secure your building and internet access. We recommend a segregated network: a closed network for office employees and a separate network for guests and visitors.
Physical Access (networking):
#3 Harden Laptops:
Hardening laptops is more complex; we typically start with a base image and then apply different tools depending on the use case of our business. Let's say you develop software using XAMPP. By default XAMPP is not secure (it's not hardened). Very rarely when building enterprise SaaS do we use XAMPP, but if you do, you need to look for resources to harden the laptop. So I would recommend following this guide:
This pattern applies to all use cases; rinse and repeat for the other scenarios.
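To make the "XAMPP is not hardened by default" point concrete, here is a small POSIX shell audit helper added to this guide (it is not from the original post or from XAMPP itself). It checks two of the usual exposure points in an XAMPP-style Apache config on a developer laptop: whether `Listen` binds to every interface instead of loopback, and whether the phpMyAdmin `<Directory>` block grants access to everyone instead of `Require local`. The `/opt/lampp/phpmyadmin` path and both sample config files are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added audit helper, not from the original guide or from XAMPP itself.
# Assumptions: an XAMPP-style Apache config using "Listen" directives and a
# <Directory "/opt/lampp/phpmyadmin"> block (path assumed); the sample
# config files below are constructed for the demo.

# audit_listen FILE: prints "exposed" if any Listen directive binds to every
# interface (bare port, 0.0.0.0 or [::]), otherwise "ok" (loopback-only dev box).
audit_listen() {
  if grep -Eq '^[[:space:]]*Listen[[:space:]]+([0-9]+|0\.0\.0\.0:[0-9]+|\[::\]:[0-9]+)[[:space:]]*$' "$1"; then
    echo exposed
  else
    echo ok
  fi
}

# audit_pma FILE: prints "exposed" if the phpMyAdmin block contains
# "Require all granted", otherwise "ok" (the hardened form is "Require local").
audit_pma() {
  if awk '/<Directory "\/opt\/lampp\/phpmyadmin">/ { blk = 1 }
          blk && /Require all granted/            { hit = 1 }
          /<\/Directory>/                          { blk = 0 }
          END { exit !hit }' "$1"; then
    echo exposed
  else
    echo ok
  fi
}

# Constructed sample configs: a default-style (weak) one and a hardened one.
TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT
cat > "$TMP/weak.conf" <<'EOF'
Listen 80
<Directory "/opt/lampp/phpmyadmin">
    AllowOverride AuthConfig Limit
    Require all granted
</Directory>
EOF
cat > "$TMP/hardened.conf" <<'EOF'
Listen 127.0.0.1:80
<Directory "/opt/lampp/phpmyadmin">
    AllowOverride AuthConfig Limit
    Require local
</Directory>
EOF
for f in weak hardened; do
  echo "$f: listen=$(audit_listen "$TMP/$f.conf") phpmyadmin=$(audit_pma "$TMP/$f.conf")"
done
```

Point the two functions at the real `httpd.conf` and `httpd-xampp.conf` of a laptop image to turn this into a quick pre-issue check; anything reported as `exposed` should be fixed before the image is handed out.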
Overall, our strategy is to use the recommendations from the NIST assessment to improve our security posture.