How to Secure Your Business for Free

One of the biggest hurdles to overcome in setting up a security program is, and will forever be, money. People believe this myth that having a security program means that they have to break the bank, but that’s not the case. There are so many things that organizations can be doing to run more securely, at no cost.

Check out the video version of this blog on our YouTube channel

Run Tests
To get the ball rolling on your securing your business, you should first run some tests. Risk assessments and vulnerability scans can help determine where the organization is most exposed. Testing employees on security best practices will give you a general idea of where their basic security knowledge lies.

Turn on Free Tools You Already Have
Mac and Windows PCs and laptops have security tools built into them. They are often times not automatically turned on but the process of turning them on isn’t difficult. Also, CRM softwares like Salesforce and Hubspot have security tools that are free to use.

Research New Security Tools
There are so many free tools at the tips of your fingers. A quick search will lead you to antivirus programs or VPNs. But first, get an understanding of what kind of data the organization will be storing, This will help you to determine which tools you need. While the free tools may not be as strong as the paid versions, they are better than having no security at all.

Train Your Staff
We’ve talked in the past about how employees can be the weakest link when it comes to security. A large percentage of breaches happen because people are easily deceived by phishing attacks. There are plenty of resources out there (YouTube) that can be helpful you raise your team’s awareness of phishing and social engineering.

Implement Security Policies
Security policies will be helpful in guiding your team through the organization’s guidelines. If there are no policies in place right now, you can start with a simple set (for free!) As your company grows over time, the policies will be able to be expanded upon.

Leadership Takes it Seriously
Having a team that cares about information security is easier to do when management is actively displaying that they are about it as well. If the CEO is not following through on policies then the rest of the team is going to slack off as well. Leaders must prove to their team that this is a serious issue.

Here is a list of free tools that our security experts have approved:

Privacy
HPI Identity Leak
https://sec.hpi.uni-potsdam.de/ilc/search?lang=en

Vulnerability Assessment
OpenVAS
http://openvas.org/

Phishing
Phishing Test Google/Jigsaw
https://phishingquiz.withgoogle.com

Antivirus
Avira
https://www.avira.com/

Password
How Secure Is My Password?
https://howsecureismypassword.net/

Communication
Signal
https://signal.org/

Safe Browsing
HTTPS Everywhere
https://www.eff.org/https-everywhere

General
Facebook Security Checkup
https://www.facebook.com/help/799880743466869
Google Security Checkup
https://myaccount.google.com/security-checkup

Network Monitoring
Nmap
https://nmap.org/

Intrusion Detection
Security Onion
https://securityonion.net/
EasyIDS
https://www.skynet-solutions.net/development/our-software/easyids/

Penetration Testing
Kali Linux
https://www.kali.org/

Firewall
pfSense
https://www.pfsense.org/

Logging
Graylog Open Source
https://www.graylog.org/products/open-source