It seems like almost every day there’s another corporate data breach in the news. Occasionally the leak is something innocuous, but many times it’s sensitive or critical data like customer information, passwords, credit card numbers, or even confidential business information. Poor cybersecurity can open your business up to a host of problems like ransomware, stolen funds, lost data, tarnished reputation, or civil liability.
But let’s assume you don’t have a dedicated cybersecurity team or a giant budget for IT; are you out of luck? Thankfully, no, you still have good, low-cost options. It’s important to understand that these things aren’t foolproof (there’s no such thing as an unhackable system), nor are they comprehensive, but deploying some of these easy-to-use tools can vastly increase your business cybersecurity with minimal budget and effort.
1. Password Manager
Using the same password for multiple logins is one of the worst things you can do, and your passwords are a lot easier to crack than you think. The best way to make sure your team is using secure, unique passwords is to make it easy for them, and that requires a password manager. Password managers generate and securely store unique, complex passwords that you don’t have to remember; all you need to remember is one single master password, ideally a memorable passphrase.
One of the best password managers for business is Bitwarden, which offers exceptional security at a great price. It also deploys zero-knowledge end-to-end encryption so even if Bitwarden itself were hacked, your passwords should be safe. And in addition to unique passwords, make sure you always enable two-factor authentication! This one-two combo makes it extremely difficult for anyone to hack your accounts, and helps ensure that even if one account is compromised, your others should be safe.
2. Virtual Private Network (VPN)
A VPN basically acts as a middleman between your device and the internet. Historically, it has been used in the enterprise space to connect remotely to business servers, and in the consumer space for privacy or spoofing location (for example, to access geo-blocked content on Netflix). In 2023, a VPN is a critical tool for any business that does any type of remote work at all. Without one, hackers can attack you on public Wi-Fi (and in some cases even your business or home Wi-Fi) without you even realizing it.
A reputable VPN provider typically offers best-in-class encryption standards like WireGuard, a no-log policy (in their consumer product; you may want logs on your business plan), and regular independent security audits. The best option that checks all of these boxes and has a dedicated, robust business product is NordLayer by NordVPN. If you only have a handful of employees, then I recommend Mullvad.
3. Encrypted Cloud
If you put a high value on your business data, then mainline cloud solutions like Dropbox aren’t going to cut it; you need a product with end-to-end encryption. Usability is a huge factor, so you also want excellent business functionality like secure file sharing and tools to support collaboration, and potentially more advanced features like granular permissions, access logs, and version recovery.
One of the best options for businesses of almost any size is Tresorit. If your company needs a dedicated server, then consider Nextcloud. Do not try to run your own physical servers unless you have a full-time IT team with network security specialists on staff (and even then it’s a bad idea for any company that doesn’t specialize in tech).
4. Secure Internal Communications
Zoom is the most popular videoconferencing tool in the world. Unfortunately, it was not prepared for the surge of users that came when COVID hit, and its vast security problems quickly became apparent. In the three years since, Zoom has made substantial upgrades to its security practices, but it’s still far from ideal (especially for business use).
One relatively new, easy-to-use, secure competitor to Zoom is Brave Talk, which offers encrypted video chat right in your browser with no special software. However, many system integrations are still lacking so it’s not yet ready for prime-time business use, and it also doesn’t offer a comprehensive communications platform like Microsoft Teams.
The best option for most businesses is to use Signal, which is the worldwide gold standard for secure communications and offers robust options across text, audio, and video, completely free and supported by donors. If you have a large team, or if you need more granular controls or the ability to regularly bring in third parties to your internal comms channels, then Wire is an excellent paid option built expressly for business users.
5. Secure Browser
The browser is the most vulnerable part of the business user tech stack. It is the gateway to the web and odds are if you introduce a breach into your systems, it will start with your browser. Adding a good ad and tracker blocker extension such as uBlock Origin to your team’s browsers will go a long way. However, the best option hands-down is to use Brave Browser, which makes high-end browser security across both desktop and mobile incredibly easy. Brave is on the cutting edge of web innovation and nothing else comes close to combining its exceptional security with ease of use. And it’s completely free.
6. Secure Your Phone Number
SIM swapping (when an attacker takes control of your phone number) is one of the fastest-growing cyberattack vectors in the world. Most people are shocked when they find out how easy it is for a criminal to steal their phone number. Even if you’re more diligent than most in setting special security PINs and account warnings with your phone carrier, these safeguards are easy to bypass for a determined attacker. Once someone steals your phone number, they can quickly break into your other accounts, reset passwords, and steal your money or business data. Many times these attacks happen in the middle of the night, and by the time you wake up it’s too late.
So what can you do? If you choose to stick with a traditional phone carrier, absolutely nothing; you’re stuck. Mainstream telecommunications companies have completely failed to solve this problem and there’s no indication they will be fixing it any time soon. But there is a solution: you can switch your cell phone plan to a secure Mobile Virtual Network Operator (MVNO) which stands in between you and the traditional big phone company, using their lines and satellites to provide you with service but standing in for you by proxy as the ‘account holder.’ But there’s a caveat: this solution only works if you trust the MVNO to protect you.
The best option is Efani, which requires extensive identity verification before they will move your phone number to a different SIM card, ensuring that the request really came from you. They’re also very serious about your privacy. Efani has never experienced a customer breach, but they provide up to $5 million of insurance in the highly unlikely event that they do fail you. The network coverage is essentially the same as going through the big phone companies, and they take over all customer service so you never have to deal with the phone company again. And it’s only marginally more expensive than a traditional cell phone plan.
In the interest of transparency, my wife and I do have a small, non-controlling, minority investment in Efani, but I’d be recommending it even if we didn’t because it truly is the best option. In fact, we invested precisely because we believe in it so much. I’ve never been one for affiliate marketing, but I do believe in taking advantage of a win-win scenario, so if you choose to sign up for Efani and use this link, then you and I both get a free month off our bills.
But if for some reason you don’t want to do that, then sign up without the referral link, or consider a reputable alternative provider like Purism’s AweSIM. Purism is a great company in the hardware security space, but for basically the same price its cell phone plan currently isn’t competitive with Efani in terms of offering or protecting your phone number from hijacking. But it’s still a better option than having your account directly with a traditional phone company.
Just get your phone number secured; it’s vital to your business.
Lastly, a word of wisdom that applies across the board: update your software! Vendors release critical security patches on a rolling basis. If you don’t update regularly, you’re turning into a sitting duck.
You’ll notice one of the things that didn’t make this list was antivirus. In large part that’s because most everyone already knows to use antivirus (unless you’re on Linux, but that’s a topic for another time), but also because antivirus tends to make people wrongly complacent. Antivirus is a last line of defense; it often cannot protect against new, emerging threats or system vulnerabilities, and it certainly can’t protect against user error.
As I said, there’s no such thing as an unbreachable system, but if you implement all (or even a few) of these things then your cybersecurity will be way ahead of most other businesses. Even many professional large company IT teams are woefully behind the times on this material. Cybercriminals tend to go after the lowest-hanging fruit, so if you make yourself a harder target, they’re likely to just move on to somebody else. Hopefully we’ll see a day when good business security practices are so pervasive that cybercriminals just give up; until then, try to make sure they don’t come after your business.