13 Comandamenti per le PMI ( 🇮🇹 ) Book

Cybersecurity is no longer a luxury reserved for large corporations. Today every business, small or large, is a potential target. For an SME the challenge is twofold: protect its systems without hindering day-to-day operations, and do so with a limited budget and often a single IT person who is at once system administrator, helpdesk technician, and security guardian.

This book was born with a clear goal: to provide a structured, practical, and sustainable approach to strengthening corporate security, even in contexts with minimal resources. Inside, you will find a clear 13-week plan—one chapter per week—to gradually transform your company’s security into a solid defense.

Each week, you will work on one essential “commandment,” with examples, real-world scenarios, low-cost tools, and operational checklists. In three months you will have built a robust, well-understood security foundation without paralyzing daily operations.

But the journey doesn’t end there: at the end of the first 13 weeks, you will have completed the initial cycle and will be ready to start again—this time with greater awareness and attention to detail. In subsequent cycles, each week dedicated to a commandment will be an opportunity to refine what you have already implemented, introduce new improvements, and respond to emerging threats. In this way, security becomes a living, ever-evolving process, an integral part of the company’s culture.

Here’s a brief preview of the journey:

  1. Multi-Factor Authentication – How to stop unauthorized access even when a password has been stolen, and why MFA is the simplest yet most effective safeguard to adopt first.

  2. Deny-by-default – Configure systems and applications to block everything that is not explicitly authorized, reducing the risk of malicious software.

  3. Macro deactivation – Close one of ransomware’s favorite entry points and set safe policies in Office and similar tools.

  4. Least privilege – Why “less is more” when it comes to user permissions, and how to reduce the impact of a possible compromise.

  5. System and network hardening – Apply basic security configurations to reduce the attack surface without purchasing expensive hardware.

  6. File and USB usage monitoring – Detect abnormal behavior and prevent data exfiltration, even with free or built-in tools.

  7. Regular patching + MDR – Automate updates and consider a Managed Detection & Response service for continuous monitoring.

  8. Attack Surface Management – Identify and secure forgotten or exposed assets before criminals do.

  9. Zero-Trust – Verify every access request explicitly instead of trusting the internal network, granting access only when needed and only to those who need it, to limit lateral movement after a compromise.

  10. Staff training – Turn employees into a strength rather than a weakness in your company’s security.

  11. Encrypted backups – Prepare for the worst by ensuring you can restore data securely and quickly.

  12. Segmentation and cloud-first – Separate networks and functions, leveraging the cloud to simplify and protect.

  13. Threat monitoring – Keep an “ear to the ground” for new vulnerabilities and attacks, using open-source tools and sources.

This is not a manual to read and forget: it’s an action plan.
If you follow the weekly steps consistently, by the end of the journey you’ll have a more secure infrastructure, a more aware team, and stronger processes—ready to defend your company against today’s and tomorrow’s threats.

Download the free PDF: 13_comandamenti_delle_PMI.pdf
