Only 66% of businesses around the world can say they are truly prepared for nowadays’ cyber-security threats, according to a study by eSecurity Planet. The good news is that companies have started spending more in IT security in 2019 than in previous years.
Don’t wait till that happens to you before taking action. These tools are a must for those who value their privacy, as well as businesses that don’t need the hassle of an expensive data breach any time soon.
#1 — Choose Your Anti-Malware
Did you know that there are 350,000 new malware (malicious software) types are discovered every day, with the total number of known malware almost reaching 1 billion in 2019? That’s a lot of threats for one piece of software to prevent, and there are certainly areas where using anti-malware won’t cut it.
Still, it’s a much better option than trusting that 100% of your employees will practice due diligence. It only takes one click on a malicious pop-up for your company data to be exposed or deleted, so better play it safe with some great anti-malware recommendations.
As a crucial side note, definitely offer ALL your staff thorough cybersecurity training to prevent such situations in the first place. That includes anybody with Internet access; no exceptions.
#2 — Choose a Password Manager
According to the Verizon Data Breach Investigations Report (DBIR), over 80% of data breaches happen due to weak or re-used passwords. It can seem daunting – requiring employees to remember long, randomized passwords for who knows how many business accounts, especially with the need to change them once in a while. And yes, writing them down on sticky notes is a password leak waiting to happen.
Fortunately, there are plenty of password managers that can do the job for you. Not only can you create strong, completely randomized passwords, but they’ll also store them offline behind a master key – making it that much harder for hackers to breach your accounts.
Obviously, your master key could become compromised as well, but it’s no different than a hacker finding out an email password and resetting accounts left and right.
At least the master key is in your hands and you don’t have to rely on a third party’s cyber-security being up to par. (Anyone remember the 3 billion exposed Yahoo! accounts?)
#3 — Choose Your VPN Software
Virtual Private Networks (VPNs) allow for secure web-browsing and data transfer, especially in work environments heavy in mobile devices. Each of those smartphones, tablets, laptops (and fridges, apparently) can be used as a vulnerable entry point into your organization.
Even the latest Wi-Fi protocols have severe vulnerabilities that aren’t making things easier for anybody.
VPNs encrypt (obfuscate, essentially) any data sent or received over a network. All that data moves through an encrypted “tunnel”, ensuring it gets to the right people without being intercepted or tampered with.
VPNs are also quite versatile and can be installed on most devices nowadays. Some can even be set up on the routers themselves, meaning every device connected to that router will benefit from encrypted connections.
However, be wary of running “free” VPN software in the hopes of cutting costs. Research found that 38% of free VPNs on the Android platform contained malware. They’re also known to log and sell browsing data to malicious third parties. You’d be better off without a VPN at that point.
Now, using a VPN can be a huge weight off your shoulders, but it’s no use if your own browser betrays you.
#4 — Choose a Secure Browser
Hopefully, your business isn’t part of the 8% whom Microsoft pleaded to stop using Internet Explorer.
Yes, many enterprises still rely on Internet Explorer (IE) today because of its compatibility with legacy hardware and/ or software (especially based on the ActiveX framework). Bad idea. The number of breaches and vulnerabilities associated with using IE today are endless.
But at some point executives should consider an overhaul to their business if it’s keeping their employees stuck with a vastly unsecure browser.
Sure, the expenses of switching software around might hurt in the short-term – there’s no way around that. It’s still better to act while your organization is smaller in scale, rather than be caught off guard when the inevitable need to upgrade comes along.
Ideally, nobody would be visiting HTTP-only websites, but there’s still a long way to go for a fully encrypted Internet.
#5 — Find an Aggressive Ad-blocker
Finally, install an ad-blocking extension for good measure.
Let’s be honest, nobody likes ads. Allowing ads might be a decent enough way to support your favorite news site or content creator, but we’d all rather find an alternative. Moreover, many ads contain malware, some of which can even activate without being clicked.
This isn’t just shady websites we’re talking about, either. The New York Times, the BBC, AOL and many others have had malware injected into their adverts, leading to users’ devices getting infected. It’s safe to say that your business security is more important than the fraction of a cent these services receive from a single ad view.
uBlock Origin is the clear winning choice in this category. It distinguishes itself by using very few system resources and by not allowing “acceptable ads” in exchange for advertiser money. In fact, the creator doesn’t even accept donations for his work.
Moreover, the extension is open-source, meaning anyone can look “behind the scenes” to see if there are any potential vulnerabilities in the source code.
Optional: Using a script-blocker like uMatrix in tandem with uBlock Origin allows even more control over what content can be displayed on a webpage. It certainly blocks most vulnerable avenues to infiltrate an employee’s device, and then the entire network.
On the other hand, the learning curve might be a bit much. There’s a handy guide for uMatrix right here, but uBlock Origin does perfectly fine on its own too.
At the end of the day, protect yourself with the right security tools for you and your organization.