“The question is not whether you will become a victim of hackers, the question is when it will happen,” these words belong to Verizon’s director Lowell McAdam, who, like no one else, knows what he is talking about. Just four months after the company acquired Yahoo! in 2013, three billion user accounts were threatened by a hacker attack alone.
Despite the fact that such incidents are occurring more and more often, many companies have not yet done anything to protect themselves from cyberattacks, researchers recently came to this conclusion. According to a survey conducted by the UK government, 68% of executives did not receive any training in addressing information security vulnerabilities.
One possible reason for this is that management does not want to invest in expensive technology if it is not sure that it will really help protect company data. In addition, if even technical giants such as Yahoo!, could not protect themselves from hacker attacks, what is the likelihood that this can be done by an ordinary company?
Indeed, many remedies are quite expensive. The cost of an annual subscription to a complex network monitoring system, for example, ProtectWise, which records all traffic and allows you to recreate, like on a surveillance camera, and analyze the events on the network, starts from several tens of thousands of pounds.
But we have some good news: basic security measures are enough to protect against many cyber attacks. For example, to protect against the sensational ransomware program WannaCry, which used the vulnerability in the old version of Windows, if you do not invest in cybersecurity, you will have to use less technology, Microsoft has already released a patch with a fix.
There are a large number of low-cost corporate security solutions. We have selected five of them that are suitable for any company.
1. Antivirus software
Yes, threat detection and security management software can be quite expensive, but even small companies with limited resources can find the right solution. Well-known developers like Kaspersky, McAfee, and Symantec offer small business solutions that are designed for 20-25 devices. Subscriptions for such solutions start at £ 115. Subscriptions typically include data leakage prevention tools and automatic backup tools, as well as virus and spyware protection, a firewall, and sensitive data security.
In this case, you get only what you pay for. Therefore, if the potential damage from a hacker attack can be high, it may make sense to invest more in antivirus software. For example, a 10-user cloud product Endpoint Advanced developed by Kaspersky will cost approximately £ 760 a year. But if you take into account the results of a recent survey by the Ministry of Culture, Media and Sports of the United Kingdom, which showed that the average damage from a cyber attack is 1,579 pounds for all companies and 19,600 pounds for large companies, then 760 pounds a year is not so much.
2. Staff training and free online training
Before you start calculating the budget for an information security system, remember that the reason for most of the security threats is not the insidious plans of cybercriminals or foreign intelligence services, but the digital illiteracy of your employees. According to Willis Towers Watson, approximately two-thirds of all data leaks are the result of employee actions, whether unintentional, such as an unattended laptop on a train, or intentional. Only 18% of the attacks were external, and only 2% of the cases required a ransom for the return of data.
StaySafeOnline.org is a free online resource where you will find many useful tips on how to protect your company’s data, including employee training instructions. Useful information for executives, often in the form of podcasts recorded during expert discussions by security professionals, can be found at Social-Engineer.com. Here you can also purchase modern programs that simulate a real hacker attack to train employees.
3. Network performance and security services
If your company has a website, but you are not yet using productivity tools such as Cloudflare or Incapsula, we recommend that you do so. These tools — both free and paid versions — are available to help protect your website from attacks that could compromise data integrity or the website may stop functioning.
Cloudflare developers offer several versions of the solution: free, professional, for small companies and large corporations. However, even the free version is better than nothing. Moreover, in honor of their seventh anniversary, which the company celebrated last month, they give free protection against DDoS attacks, during which hackers send a large number of requests to the website so that the website becomes inaccessible to users.
Other functions that you will find in these solutions are: blocking individual IP addresses or bots with a CAPTCHA check, which the user must pass in order to access the desired website (you need to enter letters or numbers from the distorted image – such tasks are easy for humans but not for the car).
4. Protection services against identity theft
The attacker is introduced by the head of the company and asks his subordinates to deposit a certain amount into a bank account. The number of such cases, the official name of which is the compromise of corporate email, is growing at an alarming rate. According to the FBI, losses from this type of fraud increased by 1300% between 2015 and 2017.
Attacks are becoming more sophisticated. And if earlier scammers simply created similar to real email mailboxes, now they can crack corporate email. The cheapest way to protect against such incidents is through strict email communication. For example, you can instruct employees to respond to managers with a separate letter, rather than responding to a message.
However, if you need more serious security measures, companies such as Experian and Lifelock offer protection against identity theft with an alert system for just 113 pounds a year, as well as services to urgently eliminate the consequences of identity theft of customers.
5. Inexpensive but reliable mobile applications
Today, when so much important information is stored on mobile devices, it is imperative to have a solution that will protect this information in case of loss or theft of the device. Fortunately, the application world does not stand still and something new appears every day.
Password managers, for example, 1Password, remember complex passwords that are hard to guess for you and eliminate the risk of breaking into the device due to the fact that the same password was used for different purposes. Often, such applications can also generate strong passwords.
For end-to-end encryption of calls and messages, there are such free applications as Signal – use them if you need to protect confidential information from prying eyes and ears.
Also pay attention to the Keeply application, which allows employees to separately store corporate data, such as passwords or documents, in a special container application on the phone. The cybersecurity application even supports the automatic blocking function (it automatically closes when the phone is turned upside down) and the false PIN function (if someone from outsiders gets access to the phone, the application looks empty).