Cyber security on a shoestring budget
Updated: Jan 19
With technological development and the digitisation of modern business operations, cyber security has moved to the forefront of organisational concern. Yet it is commonly stigmatised as a cost-heavy practice and neglected as a key focus within an organisation - putting the business at risk. But building strong cyber security practices doesn’t need to be expensive or complex.
Intending to change the narrative that sadly follows in cyber security’s shadow, we’re here not only to explain that you can protect yourself from online threats at an affordable and cost-effective level, but also to provide free (or almost free!) alternatives and recommendations.
On the question of what threats exist, an industry-recognised data breach report from Verizon highlights 3 primary risks: Credential Theft, Phishing and Vulnerabilities. An additional threat to be mindful of is Ransomware, but since it is commonly the next step after gaining unauthorised access, Verizon believes that by focusing on the 3 key paths you can help block Ransomware’s common routes. Although these threats are frequent, there are many actionable steps you can take to mitigate them.
First of all, it's key to have a strategy when securing your business. A common strategy from NIST recommends a multi-step process:
Identify: Identify which organisational systems/assets need to be protected
Protect: Protect the systems adequately
Detect: Have a process for detecting when something goes wrong, such as a cyber incident
Respond: Know how to respond to a cyber incident
We recommend doing all of the options for each of the cyber security steps. If that isn’t possible, ensure at least one is done per step to give your organisation multiple angles of protection.
Identify what systems and assets your organisation needs to protect (instructions can be found at the bottom of our article which explains the key security threats in more detail).
Ensure multi-factor authentication is turned on for all the accounts that are used in the key systems identified in the step above.
Start using a security training platform to teach employees what to look out for when it comes to threats, such as phishing. Curricula is an example of a platform that offers the option of free security training for your employees.
Implement a password manager to help ensure your password security and management are strong. LastPass and 1Password are two popular options. Both have business plans that are reasonably priced, but our favourite tool is BitWarden. We find it easy to use and more cost-effective.
Ensure your computer has antivirus and a firewall enabled. Avira has a free solution for individual users. Windows has built-in protection, so ensure it is turned on (Windows Defender and Windows Firewall). For more tailored business plans, solutions from Avast and Malwarebytes are priced depending on how many devices are needed.
Ensure that you have automatic updates enabled on the software you are using, such as your operating system, browsers and any other software you may use. Keeping software up to date will help limit opportunities for malware and ransomware to be installed on your devices.
Sign up to the free Have I been Pwned service to check if your email or phone number has been involved in a data breach and get notified if it happens in the future. Additionally, you can subscribe your whole company in case any one of its email addresses becomes compromised and publicly shared.
Sign up to the free National Cyber Security Centre’s (NCSC) early warning signs service to help your organisation identify malicious activity within your network.
Adopt a basic incident response plan so your organisation knows what to do if something goes wrong. Here is a basic template which can be modified to suit your organisation and here’s some further guidance from the NCSC.
Use the free NCSC Exercise in a Box tool to see how your organisation would handle a security incident.
To summarise, we believe many aspects of cybersecurity can be managed with some simple, but effective measures. This article aims to show that you do not need an extensive budget to establish a security posture.
Cybersecurity requires action, engagement and education. Following some very simple but crucial steps will bolster your protection against the risks of cyber breaches, such as financial loss and reputation damage.