Many companies, especially small businesses or startups, start off with an information security program that relies on free security tools.
One of the biggest hurdles to overcome in setting up a security program is, and will forever be, money. Budget is always the biggest obstacle to improving security. However, people believe this myth that having a security program means that they have to break the bank.
But that’s not the case. There are so many things that organizations can be doing to run more securely, at no cost.
1. Run Tests
To get the ball rolling on your securing your business, you should first run some tests. Risk assessments and vulnerability scans can help determine where the organization is most exposed.
After that, testing employees on security best practices will give you a general idea of where their basic security knowledge lies.
2. Turn on Free Security Tools You Already Have
Mac and Windows PCs and laptops have security tools built into them. They are often not automatically turned on but the process of turning them on isn’t difficult. Also, CRM software like Salesforce or Hubspot have security tools that are free to use.
3. Research New Security Tools
There are so many free tools at the tips of your fingers. A quick search will lead you to antivirus programs or VPNs. But first, you want to get an understanding of what kind of data the organization will be storing. This will help you to determine which tools you need. While the free tools may not be as strong as the paid versions, they are better than having no security at all.
4. Train Your Staff
We’ve talked in the past about how employees can be the weakest link when it comes to security. A large percentage of breaches happen because people are easily deceived by phishing attacks. There are plenty of resources out there (YouTube) that can be helpful you raise your team’s awareness of phishing and social engineering. It’s much better to find a free cybersecurity awareness training program than to do nothing.
5. Implement Security Policies
Security policies will be helpful in guiding your team through the organization’s guidelines. But if there are no policies in place right now, you can start with a simple set. As your company grows over time, the policies will be able to be expanded upon.
6. Leadership Takes it Seriously
Having a team that cares about information security is easier to do when management is actively displaying that they are about it as well. If the CEO is not following through on policies then the rest of the team is going to slack off as well. Leaders must prove to their team that this is a serious issue.
Here is a list of 16 free tools that our security experts have approved:
- Privacy – HPI Identity Leak
- Vulnerability Assessment – OpenVAS Assessment Scanner
- Phishing – Phishing Test Google/Jigsaw
- Antivirus – Avira Free Security Suite
- Passwords – HowSecureIsMyPassword.net
- Password Manager – Lastpass Free
- Communication – Signal
- Safe Browsing – HTTPS Everywhere
- Social Media – Facebook Security Checkup
- Network Monitoring – Nmap.org
- Intrusion Detection – Security Onion or EasyIDS
- Penetration Testing – Kali Linux
- Firewall – pfSense.org
- Logging – Graylog Open Source