Director of Verizon Lowell McAdam once said that any company would sooner or later become a victim to hackers, no matter how hard it tried to ensure cybersecurity. McAdam has his reasons for such an opinion. In 2013, three months after the acquisition of Yahoo, three billion accounts were at risk due to a single hacker attack.
However, the inevitability of an attack doesn’t mean that no protective measures need to be taken. After all, one hack in the entire history of a company is much better than ten hacks or a hundred hacks (though hardly any company, even a large one, can survive this). Although hackers’ activity is growing, and incidents are more frequent, many companies continue to ignore the danger.
According to a survey conducted by the UK government, 68% of business leaders have not received any training on how to mitigate information security vulnerabilities. Perhaps the reason for this is in the reluctance of managers to undertake significant expenses without being sure about the result. What can an average mid-sized company hope for if even tech giants can’t fully secure themselves from attacks?
Indeed, many cybersecurity systems are expensive. However, basic security tools built into the OS or free additional software are enough to protect you against the overwhelming majority of malicious programs. In addition, there are many budget solutions for corporate security. We’ll consider five of the most popular ones that will suit any company.
1. Antivirus software
Malware detection software can be expensive, but companies like Kaspersky or McAfee offer budget solutions for small businesses. An antivirus subscription for 20 devices will cost about $100-150 per month. For larger companies, there are more complex and expensive solutions, the price for which varies between $500-1000 per month. Given the fact that large companies experience damage from hacker attacks to the extent of around tens of thousands of dollars every month, such costs look quite reasonable.
2. Training and instructing employees
Data leakage often occurs even without the intervention of cybercriminals – solely due to the negligence of employees. This can be a laptop or phone left unattended, an account logged into on someone else’s computer, etc. According to a Willis Towers Watson study, about 70% of leaks are employees’ fault. Such portals as StaySafeOnline.org, Social-Engineer.com, etc. provide articles, online training, and useful information for employees and managers on how to significantly reduce the vulnerability of company data using simple measures. If you want full-fledged training, you can order a realistic simulation of a DDoS attack and organize interesting and useful gamification for your employees.
3. Network performance and web security
In modern business, one can hardly find a company that doesn’t have a website. Meanwhile, every website needs protection from attacks that can lead to its disruption or data losses. For this purpose, you can use budget solutions like those offered by Cloudflare or Incapsula. They provide both basic free versions and advanced paid ones, including those with additional functions such as CAPTCHA checks, bot blocking, etc.
4. Personal data protection services
Companies have to defend themselves not only from attacks on their intellectual property but also from common fraud. If employees receive an email from a manager’s corporate address with a request to transfer a certain amount of money to a specified account (for example, to help a colleague in trouble), many are ready to do it without asking questions.
According to the FBI, the damage from such fraud has increased significantly over the past few years. Fraudsters are becoming more skillful and not just creating mailboxes that look like corporate accounts but hacking the real ones. You can protect your company from such a threat for free, by introducing strict rules for correspondence between employees, or for a price by purchasing a protection package from Experian or Lifelock costing around $150 per month. Such services not only provide additional protection against hacking of corporate mail but also help to eliminate its consequences in the shortest possible time.
5. Mobile applications
Mobile devices are actively used in business processes, so having a solution to protect the data passing through them is vital. There are special app managers that generate and manage complex passwords. End-to-end encryption applications such as Signal help to protect calls and messages, and apps like Keeply provide the opportunity to store data in a secure container.
At Andersen, we pay great attention to cybersecurity and provide consultation to our clients. During the period of lockdown and active transfer to remote work, we helped some of our current clients adapt to new conditions and organize secure processes. Since then, interest in corporate security services has only been growing, and in a short time, cybersecurity has become an important area for our company.