Cyber crime damages are predicted to cost the world $6 trillion annually by 2021, up from $3 trillion in 2015, according to a report from my company, Cybersecurity Ventures. Nearly half of all cyber attacks are committed against small businesses.
Considering the statistics, it’s not a question of if a small business will be hacked, but when. Small businesses don’t have big budgets for cybersecurity, but there’s a myriad of free tools they can use to protect themselves against digital intruders.
Free email security protection
Email theft is one of the most popular cyber crimes, and it exposes small business login IDs and passwords to hackers.
The recent Equifax breach caused roughly 143 million U.S. consumers to have their email credentials and other information accessible to hackers. That equates to around 55 percent of Americans age 18 or older who have been affected. Last year’s Yahoo and LinkedIn hacks exposed hundreds of millions of user accounts to hackers.
A large chunk of the email addresses that are stolen and sold as a result of these hacks belong to small businesses, and their employees. Stolen email addresses are for sale on the dark web, a part of the world wide web that requires special software to access. Cyber criminals buy and sell login IDs and passwords, Social Security numbers, credit card digits and other on darknet sites. If a small business has its email addresses accessible to hackers, the results can be devastating. It’s frightening to think of the confidential information that a cyber thief will find when browsing through inboxes, sent messages and folders.
But, there’s free email protection that takes less than five minutes to set up.
Practically every email app in use by small businesses — ranging from Microsoft’s Outlook to Gmail, Yahoo Mail and AOL Mail — has a feature called “Two-Step Verification” (a.k.a. “Multi-Step Verification”).
In a nutshell, two-step verification means that in order to gain access to an email account, an extra step is required. After a user types in his login ID and password, he’s prompted to enter a secret code. The email app instantaneously sends the user a text message with a unique code. Then the user checks his phone for the code, and types it to proceed into his email account.
Hackers hate two-step verification because it prevents them from accessing some of the stolen email accounts they buy. When prompted for a secret code, a hacker has no way of knowing what it is. And the real user is notified of the fraudulent login attempt.
All small businesses should turn on two-step verification for their corporate email, and recommend to their employees for personal accounts. To encourage employee participation, an employer should point out the personal benefits to their employees (namely protecting their own confidential information).
Surprisingly, most small-business owners and employees are either unfamiliar with two-step verification or they simply don’t bother to turn it on. There are easy-to-follow instructions for turning on two-step verification in Outlook, Gmail, Yahoo Mail and AOL Mail.
Free cybersecurity tools
Global spending on cybersecurity products and services is predicted to exceed $1 trillion cumulatively over the next five years, from 2017 to 2021, according to another report from Cybersecurity Ventures.
The thought of spending money they don’t have scares off small-business owners when it comes to cybersecurity. They just deal with the fallout after they get hacked. But, cyber protection doesn’t have to break the bank. In fact, these 10 free tools cover some of the biggest cybersecurity risks and they don’t cost a dime:
- Avast Free Antivirus is award-winning free antivirus protection for PCs, Macs and Android devices.
- Free Mobile Security for Apple iPhones protects against phishing attacks and post-breach email leaks.
- Ransim is a free ransomware simulator tool that informs how vulnerable a network is against ransomware attacks.
- Browser Stored Password Discovery Tool helps find out where browser-stored passwords are being used before hackers can exploit them.
- Weak Password Finder is a fast, easy way to find weak employee passwords used for email, surfing the web, watching videos, listening to music and more.
- SiteCheck scanner is a free website malware and security scanner that quickly tests for malware, website blacklisting, spam injections and website defacements.
- SSL Server Test is a free online service that performs a deep analysis of the configuration of any SSL web server (hint: you have this if your website is accessible via “https://” — note the “s” at the end for secure) on the public internet.
- FreeScan accurately scans networks, servers, desktops or web apps for security vulnerabilities.
- ProtonMail offers free secure end-to-end encrypted email accounts with all user data protected by strict Swiss privacy laws.
- ZoneAlarm Free Firewall manages and monitors all incoming and outgoing traffic and shields users from hackers, malware and other online threats that put privacy at risk.
Free cybersecurity glossary
For small-business owners and IT managers who want to bone up on cybersecurity, check out The A-Z List of Computer Threats from Sophos.
If that’s not enough, Cybersecurity Ventures maintains a list of glossaries for looking up more advanced cybersecurity and cyber warfare terms.