Cybersecurity is no joke. Whether you have a website, online accounts or any type of web-based infrastructure, you are at risk for a cyberattack.
Although the public typically only hears about cyberattacks against high-profile companies, banks and government websites, small businesses make prime targets for cybercriminals, competitors and disgruntled parties. Yet, due to their lack of resources, small businesses have the least-protected websites, accounts and network systems, making cyberattacks a relatively easy job.
To help you protect your business, here are 14 small-business-friendly cybersecurity solutions to get you started.
When it comes to low-cost security solutions, you usually get what you pay for. Comodo is a global, award-winning security provider that offers free and affordable security tools that don't compromise on features and reliability. Solutions include Comodo One, the company's free IT management platform that features remote monitoring and management (RMM), patch management and Service Desk all in one place; Comodo SecureBox to shield apps from malware-infected devices; and Comodo Advanced Endpoint to automatically prevent malware from entering networks. Small businesses can also enjoy a free antivirus, free and paid SSL certificates, free internet security, mobile device management, firewall protection, security for POS systems, and many other services. Comodo offers these platforms for free because it features an app store where you can purchase add-ons and enhanced security features. [See related story: Cybersecurity: A Small Business Guide]
Looking for a single solution to cover all your bases? ESET lets you choose from a variety of security bundles to protect your computers, mobile devices, USB drives, networks and servers. For instance, the ESET Secure Business Pack guards Windows and Mac computers, as well as iPhone and Android phones, file servers, and email accounts. The company also offers custom solutions that allows you to build the perfect security tool for your business. You can choose by product type, company size and industry. Choices include endpoint security, mobile security, remote management, two-factor authentication, encryption, file security, email security and virtualization security.
3. Xirrus Wi-Fi Inspector
Most businesses that have local area network use wireless LAN connections, which are fast and efficient but still vulnerable to attacks from outside parties. Xirrus Wi-Fi Inspector provides central control for your WLAN, giving you more authority to monitor and protect your network. Attackers can make their way into an unprotected WLAN, but Xirrus Wi-Fi Inspector examines traffic and clients, guarding against abnormal activity and detecting unauthorized access points.
4. Lookout Mobile Security
It's not just computers that are at risk for security breaches. Lookout Mobile Security is all about protecting your business from cyberattacks on phones and tablets. It works by predicting, anticipating and shielding against all types of mobile threats, such as malware, data leakages, and the risks associated with sideloaded apps and jailbroken devices. Lookout also gives you complete visibility over your devices and offers advanced tools to manage risks, vet software and app vendors, investigate incidences, and ensure compliance with security regulations and company policies.
One of the tenets of cybersecurity is strong passwords for all your accounts and services. These days, even passwords based on your pet's name or your spouse's name and birthday come with risks. Random passwords are the way to go. Random.org features a random password generator that automatically creates strong, alphanumeric, case-sensitive passwords up to 24 characters long. Combine results or add your own touch for a super-secure password. You no longer have an excuse to use "password," "12345" or other ridiculously easy-to-guess passwords.
6. Stay Safe Online
It always helps to know someone has your back. Stay Safe Online, powered by the National Cyber Security Alliance, is full of tools and resources to help small business owners protect their businesses, employees and customers from cyberattacks, data loss and other online threats. You can learn how to assess your risks, monitor threats, implement a cybersecurity plan and train employees. You'll also learn what to do after an attack, and how to report one to the proper authorities to recoup any losses and bring attackers to justice.
7. FCC Small Biz Cyberplanner 2.0
Cybersecurity can be overwhelming for small business owners. Want to cover all your bases, but don't know where to start? The Federal Communication Commission's Small Biz Cyberplanner can guide you in the right direction. Just fill in your information, indicating your areas of concern, and the planner will automatically generate a custom cybersecurity plan with expert advice for your business. Areas it covers include privacy and data security, scams and fraud, network security, website security, email, mobile devices, and employees.
Encryption is the cornerstone of privacy and security in the digital world. Encrypted files can rarely be opened and read by data thieves without the specialized key. When it comes to keeping your files unreadable by unwanted eyes, even when they're stored in your system, encryption software such as AxCrypt does the job. The free version allows you to encrypt files with a 128-bit key, while the premium version allows you to encrypt with the more advanced 256-bit. You can also safely share files with colleagues, all while keeping data encrypted and the keys safe.
Protecting your website doesn't have to cost a lot. The free Cloudflare tool essentially "sits in front" of a website and fights against malicious attacks, such as SQL injections and denial-of-service (DoS) attacks that can shut down your website. Cloudflare automatically detects attacks, blocks them and creates reports to keep you up to date. It also evaluates visitors, assessing their reputations, IP addresses and other factors to determine legitimacy. Users can also block a number of IP addresses, choose security levels, set up firewalls and enable SSL security certificates for data encryption.
Large-scale distributed denial-of-service (DDoS) attacks have increased exponentially in the past few years. DDoS attacks overwhelm website resources, causing an outage that can last from minutes to days and result in substantial financial losses. DDoS attacks are particularly disastrous for businesses that sell online. You can protect your website with NSFOCUS, a DDoS mitigation provider that delivers an all-in-one cybersecurity solution for small businesses. Services include attack detection, defense, and monitoring management to combat even the most sophisticated and high-volume attacks.
It's not just consumers who face the risk of identity theft. Businesses can fall victim too. To protect your company, check out business identity protection services like CSID. This service offers threat intelligence, fraud detection, user and transaction monitoring, credit services, and data breach mitigation. For businesses dealing with super-sensitive data, CSID also offers advanced authentication methods using global ID verification systems and voice biometrics.
12. HTTPS Everywhere
Hypertext Transfer Protocol Secure (HTTPS) communication has become the standard for websites to protect data when users log in to accounts, make online purchases and complete other transactions. You can tell when a website uses this protocol because "https://" appears in front of the URL. Nevertheless, it's typically limited to select webpages and are often combined with non-HTTPS protected pages, compromising your security. You can make web browsing more secure with HTTPS Everywhere, a browser extension for Firefox, Chrome, Opera and Android web browsers released by the Electronic Frontier Foundation. It encrypts communication while you surf major websites, filling in the gaps and ensuring the security of your web browsing at all times.
Cybersecurity starts from the inside. A business can implement all sorts of cybersecurity measures, but if its employees don't get training to avoid traps like phishing, cyberattacks are just a few clicks away. Social-Engineer.com helps organizations identify risk areas and how malicious attackers can exploit vulnerabilities to gain unauthorized access to infrastructures. Employees receive training using social engineering risk assessments and tests that simulate real-life events and mimic attacks. Social-Engineer provides online and onsite training, and it can customize programs based on individual needs and requirements.
VPNs are known for allowing users an extra layer of privacy as they browse the internet. However, businesses use them to secure their internal networks and make sure that only authorized users are accessing them. You can use OpenVPN to make sure your employees aren't accessing your network through an open, unprotected connection. First, they must connect to the VPN, which acts as secured gateway to the network. Hackers can take advantage of remote connections by piggybacking off of authorized users accessing the network from the outside. With OpenVPN, remote employees can access the company network from their home Wi-Fi without worry.
Additional reporting by Sara Angeles.