# Small Business Cybersecurity Best Practices & Why They Fail

Cybersecurity best practices for small businesses include:

* Control app access
* Reduce phishing risk beyond email filtering / training
* Protect sensitive data where it's handled
* Assume unmanaged / shared devices are used
* Limit trust in environment (not just perimeter)
* Maintain visibility where work happens

They often fail in small businesses because they rely on consistent enforcement and visibility that many environments can't realistically maintain.

Small business cybersecurity best practices & why they fail

### Enforce access at the application level

**WHAT TO DO** Apply access policies that consider session context, device, and behavior. Not just user credentials.

**WHY IT FAILS** Access is often granted broadly and never revisited, especially when devices are shared or unmanaged.

### Reduce phishing risk beyond the inbox

**WHAT TO DO** Use browser-level controls to detect suspicious post-click behavior and block risky input on untrusted pages.

**WHY IT FAILS** Email filters stop the message, not what happens after the click.

### Protect data while it's in use

**WHAT TO DO** Monitor browser-based activity and restrict what users can upload, download, or share in sensitive apps.

**WHY IT FAILS** Traditional DLP is too complex, and browser workflows are rarely monitored.

### Design for unmanaged and shared devices

**WHAT TO DO** Apply session-aware controls that adapt access and enforcement when device posture isn't known.

**WHY IT FAILS** Many policies assume device control, but small businesses often don't have it.

### Reevaluate internal trust continuously

**WHAT TO DO** Limit privileges by default, review access often, and remove stale accounts or unnecessary roles.

**WHY IT FAILS** Permissions drift over time and are rarely audited in small teams.

### Maintain visibility where work happens

**WHAT TO DO** Track session activity inside the browser to detect risky behavior across apps and users.

**WHY IT FAILS** Most tools stop at the network or endpoint, leaving browser activity unmonitored.

## Why cybersecurity best practices often fail in small businesses

![Comparison diagram titled 'Why cybersecurity best practices often fail in small businesses'. The left column, labeled 'Assumption', lists five expectations: policies are consistently enforced, devices are managed and secured, users follow defined workflows, access is granted with context, and behavior is visible and monitored. The right column, labeled 'Reality', contrasts each assumption with outcomes including partial or manual enforcement, shared or unmanaged devices, shifting or fast-moving workflows, access that outlives roles or context, and unmonitored browser sessions, with arrows connecting each assumption to its corresponding reality.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/small-business-cybersecurity-best-practices/Why-cybersecurity-best-practices-often-fail-in-small-businesses.png)

Most advice on [cybersecurity for small businesses](https://www.paloaltonetworks.com/cyberpedia/what-is-cybersecurity-for-small-businesses) starts with familiar actions. Use strong passwords. Train employees. Keep software updated. Enable [multifactor authentication](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-factor-authentication).

That advice isn't wrong. But it rarely accounts for the environments it's given to.

Small businesses deal with constraints that larger organizations don't. They rely on a mix of personal and shared devices. They support remote work without dedicated IT staff. Their environments change quickly, and security tools don't always keep up. Even when policies exist, enforcement is often partial or inconsistent.

That's where best practices break down.

A policy that assumes full visibility won't hold up if users are logging in from unmanaged laptops. A training program won't prevent every mistake. Especially when workflows depend on speed and improvisation. A control that works in one part of the environment may be missing entirely in another.

So while the guidance may be sound in principle, it often fails in practice. Not because it's ignored. But because it can't be applied cleanly across fragmented systems and real-world behavior.

That's not negligence. It's architecture. And it's where most risks quietly take shape.

1. Control access to business applications---not just user accounts
-------------------------------------------------------------------

* Apply access policies at the app level. Not just usernames and passwords.
* Turn on conditional access based on device, location, or session context.
* Require reauthentication after idle time or on shared devices.
* Block session persistence where you can.
* Restrict risky actions like file exports on unmanaged devices.

**Why this matters:** Most small businesses rely heavily on cloud apps. Email. Accounting. Scheduling. Document sharing. It's how work gets done.

That access is usually tied to individual accounts. Which sounds secure until you consider how easy it is for access to drift. A shared laptop. An old contractor login. A personal device used in a pinch.

The risk isn't just unauthorized users. It's authorized users accessing business apps under the wrong conditions. On the wrong device. Through an unmonitored session.

That's why access control needs to go beyond identity. It needs to include context. What's the device? Is it managed? Is the session secure? Are downloads allowed?

This kind of enforcement is especially important in small environments where users often wear multiple hats, share logins, or work from home. Because once someone's in, the system assumes everything that happens next is safe. That's where small business exposure tends to grow unnoticed.

**Why it fails:** In practice, most small businesses don't have a clean inventory of who's using what. Access gets granted informally. And rarely revoked. Devices aren't always managed. Browsers stay logged in. Policies exist, but they don't follow the user into the session.

And that's the real issue. When enforcement stops at the login screen, business apps are left open to risk. Not because someone broke in. But because no one had visibility into what happened next.

Access control only works if it holds up across all the ways people actually use the system. And in small business environments, that almost always includes edge cases.

***Tip:*** *Even when access is secure at login, risk increases if sessions stay open too long. Use shorter timeouts and activity-based reauthentication to reduce drift. Especially in shared or unmanaged environments.*

***Further reading:***

* [*What Is Access Control?*](https://www.paloaltonetworks.com/cyberpedia/access-control)
* [*What Is Access Management?*](https://www.paloaltonetworks.com/cyberpedia/access-management)

### COMPARISON

Prisma for Business vs. Consumer Browsers: See the difference. [View Datasheet](https://www.paloaltonetworks.com/resources/datasheets/prisma-browser-for-business-vs-consumer-browsers)

2. Reduce phishing risk beyond email filtering and training
-----------------------------------------------------------

* Monitor what happens after a phishing email is clicked instead of just whether it was delivered.
* Use browser-based controls to flag suspicious logins and credential prompts.
* Block access to known malicious domains at the DNS or browser level.
* Restrict form-filling or password entry on untrusted pages.
* Limit app actions---like file access or data entry---if the session wasn't launched from a trusted source.

**Why this matters:** [Phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing) is still one of the most common ways attackers get in. Not because people don't know better, but because phishing has adapted. Today's attacks often use real websites, trusted domains, and infrastructure that looks legitimate. Many bypass spam filters entirely.

The problem isn't that users fall for obviously fake emails. It's that attackers have figured out how to exploit gray areas. A link looks normal. A login page seems familiar. And in small environments, one click is often all it takes.

Email filters and training help. But they only go so far. Training can raise awareness. It can't stop a real-time decision. And filters don't cover what happens after a message is opened.

Which means the risk doesn't end at the inbox. It continues in the browser. That's where credentials get entered, apps get accessed, and [data gets exfiltrated](https://www.paloaltonetworks.com/cyberpedia/data-exfiltration). If there's no control at that point, the defense ends too early.

**Why it fails:** Small businesses often rely on policies and reminders. But policy doesn't prevent someone from logging in to a spoofed site. Or entering a password into a malicious prompt. Especially when those moments happen fast, under pressure.

Once the user is in the browser, most defenses drop away. There's no visibility into what they click, where credentials go, or what actions follow. If [malware](https://www.paloaltonetworks.com/cyberpedia/what-is-malware) isn't involved, the event may not trigger any alerts.

That's the failure point. Not the user. Not the tool. The assumption that risk stops at the email. It doesn't. And without controls that extend into the session itself, phishing remains a risk. Even in environments that think they've already solved it.
***Tip:*** *To reduce post-click phishing risk, look for tools that can limit user input, like blocking password entry on suspicious pages or restricting actions in untrusted sessions.*

***Further reading:** [What Is Remote Browser Isolation (RBI)?](https://www.paloaltonetworks.com/cyberpedia/what-is-remote-browser-isolation)*

3. Protect sensitive data where it's actually handled
-----------------------------------------------------

* Track how data moves in the browser, not only where it's stored.
* Restrict uploads, downloads, or copy-paste actions in sensitive apps.
* Block access to file-sharing or unsanctioned tools based on policy.
* Set rules for what data can leave a browser session, and where it can go.
* Use session-aware controls to apply limits even on unmanaged or shared devices.

**Why this matters:** Most small businesses already have protections in place for data at rest. Files are stored securely. Backups are running. Devices may be encrypted.

But data isn't just sitting still. It's being viewed, downloaded, copied, and uploaded constantly. Especially through web-based apps. This is data in motion. And it's where most small businesses lose visibility.

Why? Because controls often focus on the system, not the interaction. A cloud storage app might be secure. So might the endpoint. But what about the moment in between: when a user pastes something into a web form or drags a file into a browser window?

That's the critical gap. Not where the data lives. But where it's actively being used.

**Why it fails:** Most small businesses don't have dedicated tools to monitor or restrict these behaviors. And traditional data loss prevention (DLP) solutions can be too complex, expensive, or rigid to deploy effectively.

So even with the right policies, enforcement is limited. Users can download customer records to personal devices. Or upload sensitive files to tools that aren't approved. And it often happens through browser-based workflows that security tools don't fully control.

The result? Data flows out of the organization through normal activity because the system wasn't built to monitor the moment it happens.

***Tip:*** *Sensitive data is easiest to lose in the places you're least likely to see it, like browser uploads, web forms, and session-based copy/paste. Make sure enforcement and visibility meet where the data is actually moving.*

***Further reading:***

* [*What Is Data Security? \[Definition, Overview, & Why It Matters\]*](https://www.paloaltonetworks.com/cyberpedia/what-is-data-security)
* [*What Is DLP (Data Loss Prevention)? An Overview*](https://www.paloaltonetworks.com/cyberpedia/what-is-data-loss-prevention-dlp)

4. Assume unmanaged and shared devices will be used
---------------------------------------------------

* Allow access from unmanaged or shared devices, but apply stricter session controls.
* Limit what users can do when they sign in from an unknown or untrusted device.
* Disable downloads, local storage, or copy actions on shared systems.
* Require reauthentication more frequently on unmanaged devices.
* Monitor sessions closely when device posture can't be verified.

**Why this matters:** Many small businesses aim to restrict access to managed devices only. In practice, that standard is hard to maintain.

Work happens wherever it needs to. A personal laptop at home. A shared front-desk computer. A device borrowed to get something done quickly. These situations are common, not exceptional. Which means device control is often inconsistent.

When business applications are accessed from unmanaged or shared devices, security assumptions change. There may be no endpoint protection. No device visibility. No way to confirm how data is stored or handled after access.

That gap matters. Because once access is granted, systems often treat the session as trusted regardless of the device behind it.
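The session-level checks listed in sections 1 and 4 (conditional access by device, reauthentication after idle time, limits on session persistence, blocked exports and downloads on unmanaged or shared devices) can be written as one decision function evaluated on every action, not only at login. This is an added illustrative example, not code from the article or from any Palo Alto Networks product; the posture classes, timeout values, action names and app names are assumptions.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum


class Posture(Enum):
    MANAGED = "managed"      # enrolled device, posture verified
    UNMANAGED = "unmanaged"  # personal device, posture unknown
    SHARED = "shared"        # front-desk or borrowed machine


class Verdict(Enum):
    ALLOW = "allow"
    REAUTH = "reauthenticate"
    DENY = "deny"


# Assumed policy values for illustration; tune them per application.
IDLE_LIMIT = {Posture.MANAGED: timedelta(minutes=60),
              Posture.UNMANAGED: timedelta(minutes=15),
              Posture.SHARED: timedelta(minutes=5)}
MAX_SESSION_AGE = {Posture.MANAGED: timedelta(hours=12),
                   Posture.UNMANAGED: timedelta(hours=4),
                   Posture.SHARED: timedelta(hours=1)}
DATA_ACTIONS = {"download", "export", "copy", "upload"}
SENSITIVE_APPS = {"accounting", "crm"}  # hypothetical app names


@dataclass(frozen=True)
class Session:
    user: str
    app: str
    posture: Posture
    authenticated_at: datetime
    last_activity: datetime


def decide(session: Session, action: str, now: datetime) -> tuple[Verdict, str]:
    """Evaluate one action inside an already authenticated session."""
    # Inconsistent timestamps mean the session state cannot be trusted: fail closed.
    if not (session.authenticated_at <= session.last_activity <= now):
        return Verdict.REAUTH, "inconsistent session timestamps"

    # Block session persistence: cap total lifetime by device posture.
    if now - session.authenticated_at > MAX_SESSION_AGE[session.posture]:
        return Verdict.REAUTH, "session older than maximum age"

    # Reauthenticate after idle time, sooner on shared or unmanaged devices.
    if now - session.last_activity > IDLE_LIMIT[session.posture]:
        return Verdict.REAUTH, "idle timeout"

    if action in DATA_ACTIONS:
        # Shared systems: no data leaves the session, whatever the app.
        if session.posture is Posture.SHARED:
            return Verdict.DENY, f"{action} disabled on shared devices"
        # Unmanaged devices: access stays open, data movement in sensitive apps does not.
        if session.posture is Posture.UNMANAGED and session.app in SENSITIVE_APPS:
            return Verdict.DENY, f"{action} blocked in {session.app} on unmanaged device"

    return Verdict.ALLOW, "within policy"


def demo() -> list[tuple[str, str]]:
    """Run constructed sessions through the policy; returns (label, verdict)."""
    now = datetime(2025, 1, 6, 12, 0, tzinfo=timezone.utc)
    ago = lambda minutes: now - timedelta(minutes=minutes)
    cases = [
        ("managed export", Session("ana", "accounting", Posture.MANAGED, ago(90), ago(10)), "export"),
        ("unmanaged view", Session("ben", "accounting", Posture.UNMANAGED, ago(30), ago(2)), "view"),
        ("unmanaged export", Session("ben", "accounting", Posture.UNMANAGED, ago(30), ago(2)), "export"),
        ("shared download", Session("cy", "scheduling", Posture.SHARED, ago(10), ago(1)), "download"),
        ("shared idle", Session("cy", "scheduling", Posture.SHARED, ago(20), ago(6)), "view"),
        ("unmanaged stale", Session("ben", "email", Posture.UNMANAGED, ago(300), ago(1)), "view"),
        ("clock skew", Session("ana", "email", Posture.MANAGED, ago(30), ago(-1)), "view"),
    ]
    return [(label, decide(s, action, now)[0].value) for label, s, action in cases]


if __name__ == "__main__":
    for label, verdict in demo():
        print(f"{label:18} -> {verdict}")
```

The same user and credentials produce different verdicts depending on device posture and session age, which is the gap a login-only check leaves open.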
**Why it fails:** Many organizations respond by trying to block access entirely. Managed devices only. No exceptions.

However, that approach rarely holds. Users find workarounds. Credentials get reused. Access shifts to whatever device is available. And visibility is lost anyway.

Unmanaged devices aren't the problem. The problem is when controls assume every device is known, trusted, and fully managed.

When policies assume full device management, enforcement breaks at the edge. Sessions happen outside expected conditions. Activity goes unmonitored. And risk increases quietly through normal use.

Assuming unmanaged and shared devices will be used isn't lowering the bar. It's acknowledging reality and designing controls that still work when ideal conditions don't exist.

***Tip:*** *When you can't trust the device, isolate risk to the session itself. Look for ways to restrict access to sensitive apps or features unless specific security conditions are met. Even if the device isn't managed.*

***Further reading:** [What Is Zero Trust Network Access (ZTNA)?](https://www.paloaltonetworks.com/cyberpedia/what-is-zero-trust-network-access-ztna)*

5. Limit trust inside the environment vs. solely the perimeter.
---------------------------------------------------------------

* Remove unused accounts and revoke access when roles or vendors change.
* Assign the fewest permissions necessary for users to do their job.
* Monitor app usage and look for signs of privilege creep over time.
* Use time-based or session-based access wherever possible.
* Avoid assuming that access granted once should be trusted indefinitely.

**Why this matters:** In small environments, it's common for everyone to have broad access. It saves time and avoids complexity. But it also means trust is granted once and rarely revisited.

That's where problems start. A former employee's account doesn't get deactivated. A contractor retains access to [sensitive data](https://www.paloaltonetworks.com/cyberpedia/sensitive-data). A junior team member has admin rights they no longer need. Over time, this quiet buildup of trust creates paths for misuse whether intentional or not.

Perimeter defenses assume that once you're inside, you're trusted. But modern risk comes from within the environment, not just outside it. And the longer trust stays unchecked, the more fragile the system becomes.

**Why it fails:** Small businesses rarely have the time or tools to revisit access on a regular basis. Policies exist, but enforcement depends on memory or manual cleanup.

That's where trust drifts. A quick exception becomes permanent. A short-term role becomes a backdoor. And because the access looks legitimate, it's hard to catch until something breaks.

This isn't just about breach risk. It's about visibility. If no one knows who can do what, then no one knows what's happening. Or what shouldn't be.

***Tip:*** *In environments with broad internal access, look for session-based or secure browser tools that can adjust permissions as conditions change, like reducing access mid-session if the risk level increases.*

***Further reading:***

* [*What Is Least Privilege Access?*](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access)
* [*What Is Identity and Access Management (IAM)?*](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management)

6. Maintain visibility where work actually happens
--------------------------------------------------

* Monitor activity inside browser sessions in addition to network and device layers.
* Track what users do in SaaS apps: logins, file access, and risky behavior patterns.
* Flag access from unusual locations or session types, even if credentials are valid.
* Apply controls that follow the user and session, regardless of device.
* Correlate browser activity with user identity and app context to detect misuse early.

**Why this matters:** Many small businesses think they have visibility because they've deployed antivirus software, turned on logging, or configured [network firewalls](https://www.paloaltonetworks.com/cyberpedia/what-is-a-network-firewall). But most modern work doesn't happen at the network or system level anymore. It happens in the browser.

That's where users log in to SaaS apps, move data, approve payments, and share information. It's also where many attacks unfold using legitimate credentials and normal-looking behavior.

Without visibility into those sessions, it's easy to miss the [signs of compromise](https://www.paloaltonetworks.com/cyberpedia/what-is-a-network-firewall) until it's too late. Attackers aren't always loud. In fact, they often rely on the fact that no one's watching.

**Why it fails:** Traditional tools focus on endpoints, infrastructure, or alerting once something breaks. But small businesses aren't equipped to correlate those signals or respond fast enough when they do appear.

More importantly, those tools miss where most user activity actually happens. Browser-based work sessions often go unmonitored. So when an attacker uses valid credentials, moves data out of a trusted app, or accesses something unusual, the activity doesn't look suspicious because nothing in the system sees it.

The risk isn't that something was missed after the fact. It's that nothing flagged it to begin with.

***Tip:*** *Don't rely on login alone. Limit session duration and require reauthentication when risk increases. Especially on shared or unmanaged systems where access can drift quickly.*

## Why the browser has become a control point for small business cybersecurity

Throughout this article, the same failure shows up in different forms. Access is granted under the wrong conditions. Phishing succeeds after the click. Data leaves through normal workflows. Devices are shared or unmanaged. Permissions drift. Visibility disappears.

These failures don't share a single cause. But they converge in the same place. The browser.

"85% of work happens in the browser. 95% of organizations have faced a browser-based attack in the past year."
[- Palo Alto Networks and Omdia, The State of Workforce Security: Key Insights for IT and Security Leaders](https://start.paloaltonetworks.com/Omdia-state-of-workforce-security)

It's where users log in to cloud apps, handle sensitive data, and make real-time decisions. It's also where attackers operate---quietly---once they have valid credentials.

And it's where traditional tools lose context. Network controls don't see SaaS activity. Endpoint agents don't always run. Policies exist, but they don't follow the session.

That's why the browser has become a logical control point. It's the one layer that sees everything: user identity, session activity, app behavior, and data movement---regardless of device or location. And often, it's the only place left to enforce policy when everything else falls short.

This shift has created a new category of security tools. Secure browser products are designed to apply policy at the session level---across users, devices, and apps---without overhauling the environment.

They're not a fit for every use case. But they're built for exactly the problems described here. And if you're seeing these breakdowns in your own environment, it may be time to consider whether the browser is where your next layer of control needs to go.
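As an added example (not from the original article or any Palo Alto Networks product), the code below applies the section 6 checks to session events: it builds a per-user baseline of login context, then flags valid-credential sessions that arrive from a new location or device type and correlates them with bulk data movement in the same session. The log lines are constructed, and the field names, thresholds and the placeholder country code `XX` are assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (JSON lines); the schema is an assumption.
BASELINE_LOG = """
{"ts":"2025-01-02T09:01:00+00:00","user":"alice","session":"b1","app":"accounting","event":"login","country":"US","device":"managed"}
{"ts":"2025-01-03T08:55:00+00:00","user":"alice","session":"b2","app":"email","event":"login","country":"US","device":"managed"}
{"ts":"2025-01-03T10:20:00+00:00","user":"bob","session":"b3","app":"crm","event":"login","country":"US","device":"unmanaged"}
"""
TODAY_LOG = """
{"ts":"2025-01-07T09:00:00+00:00","user":"alice","session":"s1","app":"email","event":"login","country":"US","device":"managed"}
{"ts":"2025-01-07T09:05:00+00:00","user":"alice","session":"s1","app":"email","event":"file_download"}
{"ts":"2025-01-07T09:40:00+00:00","user":"alice","session":"s1","app":"email","event":"file_download"}
{"ts":"2025-01-07T10:00:00+00:00","user":"bob","session":"s2","app":"crm","event":"login","country":"US","device":"unmanaged"}
{"ts":"2025-01-07T10:01:00+00:00","user":"bob","session":"s2","app":"crm","event":"file_download"}
{"ts":"2025-01-07T10:02:00+00:00","user":"bob","session":"s2","app":"crm","event":"file_download"}
{"ts":"2025-01-07T10:03:00+00:00","user":"bob","session":"s2","app":"crm","event":"file_download"}
{"ts":"2025-01-07T02:14:00+00:00","user":"alice","session":"s3","app":"accounting","event":"login","country":"XX","device":"unmanaged"}
{"ts":"2025-01-07T02:15:10+00:00","user":"alice","session":"s3","app":"accounting","event":"export"}
{"ts":"2025-01-07T02:15:40+00:00","user":"alice","session":"s3","app":"accounting","event":"export"}
{"ts":"2025-01-07T02:16:05+00:00","user":"alice","session":"s3","app":"accounting","event":"file_download"}
this line is not JSON and must be skipped
"""
REQUIRED = {"ts", "user", "session", "app", "event"}
DATA_EVENTS = {"file_download", "export"}


def parse(log):
    """Parse JSON lines into time-ordered events, skipping malformed lines."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        try:
            e = json.loads(line)
            if not isinstance(e, dict) or not REQUIRED <= e.keys():
                raise ValueError("missing fields")
            e["ts"] = datetime.fromisoformat(e["ts"])
        except (ValueError, TypeError):
            continue  # a real pipeline would count and report these
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def build_baseline(events):
    """Per user: countries and device types seen at past logins."""
    seen = defaultdict(lambda: {"country": set(), "device": set()})
    for e in events:
        if e["event"] == "login":
            seen[e["user"]]["country"].add(e.get("country"))
            seen[e["user"]]["device"].add(e.get("device"))
    return seen


def detect(events, baseline, bulk=3, window=timedelta(minutes=10)):
    """Return (user, session, app, rule) findings for valid-credential sessions."""
    findings, odd_sessions, reported = [], set(), set()
    recent = defaultdict(list)  # (user, session) -> data-event times in window
    for e in events:
        key = (e["user"], e["session"])
        if e["event"] == "login":
            known = baseline.get(e["user"], {"country": set(), "device": set()})
            for field, rule in (("country", "new_location"), ("device", "new_device_type")):
                if e.get(field) not in known[field]:
                    findings.append((*key, e["app"], rule))
                    odd_sessions.add(key)
        elif e["event"] in DATA_EVENTS:
            times = recent[key]
            times.append(e["ts"])
            while e["ts"] - times[0] > window:  # drop events outside the window
                times.pop(0)
            if len(times) >= bulk and key not in reported:
                reported.add(key)
                # Bulk movement in a session with unusual context ranks higher.
                sev = "high" if key in odd_sessions else "medium"
                findings.append((*key, e["app"], f"bulk_data_movement:{sev}"))
    return findings


def run():
    baseline = build_baseline(parse(BASELINE_LOG))
    return detect(parse(TODAY_LOG), baseline)


if __name__ == "__main__":
    for finding in run():
        print(finding)
```

None of the flagged sessions involves a failed login or malware, so the only signal available is the session context itself.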
***Further reading:***

* [*What Is a Secure Enterprise Browser (AKA Secure Browser)?*](https://www.paloaltonetworks.com/cyberpedia/what-is-an-enterprise-browser)
* [*10 Secure Enterprise Browser Use Cases \[+ Examples & Tips\]*](https://www.paloaltonetworks.com/cyberpedia/secure-enterprise-browser-use-cases)
* [*How to Choose the Best Enterprise Browser for Your Business*](https://www.paloaltonetworks.com/cyberpedia/how-to-choose-an-enterprise-browser)

## Small business cybersecurity best practices FAQs

### Is antivirus software enough to secure a small business?

No. Antivirus only protects against known malware. Most modern threats---like phishing, session hijacking, and data misuse---bypass antivirus entirely. Effective small business security requires controls that address user behavior, cloud access, and browser-based workflows.

### What are the best practices for data security in small businesses?

Protect data at rest and in motion. That means using secure storage, but also controlling what users can upload, download, or copy inside browser-based apps. Session-level enforcement and clear policies reduce the risk of accidental or unauthorized data exposure.

### Are access controls necessary if employees are trustworthy?

Yes. Access risk isn't just about trust---it's about drift. Permissions expand over time. Accounts go unused but stay active. Effective access control ensures users only have what they need, and nothing more, regardless of intent.

### What's the biggest [cybersecurity](https://www.paloaltonetworks.com/cyberpedia/what-is-cyber-security) gap in most small businesses?
Visibility. Work happens in the browser, but most tools don't monitor session activity. That leaves gaps in detecting credential misuse, risky behavior, and data movement, especially on unmanaged or shared devices.

Copyright © 2026 Palo Alto Networks. All Rights Reserved