Few companies these days have money to waste. But when it comes to IT security, an ounce of prevention can be worth a ton of cure if your organization gets hit by cybercriminals.

That spending is a serious concern, especially for small and mid-size businesses where budgets often get the most scrutiny from finance.

So where should small and mid-sized organizations prioritize the security funds they do have? One important area to focus: network logging.

One advantage smaller companies have over others is that they’re small. It’s much easier and a lot less expensive to keep track of everything that happens on a network when you don’t have thousands of machines and devices to worry about.

“You can relatively cheaply implement logging in a small organization,” says Chris Smoak, Research Scientist at the Georgia Tech Research Institute.  “Because it’s small and because you understand the business, you can easily understand the types of traffic and the types of interactions that machines should have.”

Tracking traffic and identifying what’s suspicious can also be done off-the-shelf with open source tools and a bargain basement entry-level approach. And once IT departments start collecting data about suspicious activity, that gives them a valuable tool they can use to show the company’s higher-ups and try to free up more money for security.

Raise user awareness

In addition to better logging, companies should also focus on making users more aware of security threats. After all, that’s who most often provides the easiest ways for criminals to enter the network.

One big example: email. Cybercriminals have gotten very good at using phishing emails to bypass intrusion prevention systems.

A way to make users better at recognizing suspicious emails, Smoak says, is to have IT security staff members actually conduct their own in-house phishing campaigns periodically and see who falls for them. Those test emails can be of different types — for example, some may be more obvious, while others specifically target an individual in the way a sophisticated criminal might.

“Over time you can tell if, say, John Smith clicked on this link the last eight times, you need to have that person come in and retrain them,” Smoak says. “What we find is that after you employ one of these things over the course of a year or two years, you start really decreasing the number of people that are clicking on links.”

Tags: chris Smouk, security, spending