The recommendations in this article will be closely related to the topics we discussed in a prior post titled “Common Cyber Security Mistakes Made by Small Businesses.” In our previous article, we looked at risks inherent in most small business practices and how frequent lapses in cyber security measures can cause considerable harm. Now, we have compiled a detailed list of free cyber security tools that help small businesses protect against common cyber security threats. With these types of tools, small and mid-sized businesses can take the extra measures needed to provide appropriate and effective protection against potential attacks.
The Best Cyber Security Tools for Small Businesses
Password Testing and Management
Weak passwords are one of the leading causes of cyber security incidents for personal and business accounts. Attackers have access to sophisticated tools that allow them to repeatedly guess account credentials, and they are able to cleverly predict the most frequently used password and username combinations. It is crucial that all users set strong, unique passwords that are not repeated on other programs.
If a malicious actor gains access to one account, they can likely exploit this access to continue compromising other accounts, gaining more personal information from their victim. The deeper the attacker gets, the more harm they can inflict.
There are numerous free tools available for checking the strength of a password (and this takes into account several variables, including length, types of characters, etc.). You can get started by clicking on one of the solutions below:
- LastPass – Helps users manage numerous passwords.
- PasswordMeter – Allows users to test the strength of their passwords.
- How Secure is My Password? – Allows users to test the strength of their passwords.
- Password Strength Checker – Allows users to test the strength of their passwords.
Consider using one or more of these tools to set a quality score threshold that employees are required to meet for all passwords. A strong password is the first line of defense against cyber attacks.
Two Factor Authentication
When passwords fail, two-factor authentication (a method of access control that requires users to validate their identity more than once and using more than one device) can be an invaluable mechanism for keeping hackers out of sensitive accounts. Most large technology companies now make two-factor authentication required when signing into accounts from an unrecognized source or location. Many companies also make two-factor authentication an option for those who desire greater security. Not surprisingly, there are a host of freeware programs that allow technology managers to deploy two-factor authentication throughout their businesses.
- Google 2-Step Verification – Get codes via text message or phone call, or generate verification codes with the Google Authenticator app for Android, iPhone, or BlackBerry.
- Authy – A full service application that facilitates two-factor authentication (available for Android, iOS, Windows).
- TwoFactorAuth – A robust database of which popular websites and services offer two-factor authentication.
- MePin – Offers a combination of free and paid solutions for two-factor authentication.
Testing Suspicious Files, Websites & Other Sources
During the course of normal business operations, employees frequently download applications and tools from the Internet, and visit a wide range of websites for research, sales efforts, and many other functions. These activities can cause employees to unwittingly visit a compromised website or install a program containing a virus.
If there is any suspicion that a file or program might contain malicious software, there are hundreds of tools that can be used for determining whether or not these elements are safe. Ideally, anything suspicious should be checked before being accessed. Checking URLs can be very helpful for understanding the safety rating (or reputation) of a link before it is visited, and users can also make reports to verification sites if they find out that a website is unsafe.
- VirusTotal – A comprehensive website that allows visitors to check a wide range of assets for determining their safety.
- Windows Defender Security Intelligence – Microsoft’s malware protection resource center.
- Kaspersky VirusDesk – Helpful online virus detection tool.
- Metadefender – Malware detection service and sharing community.
File and Email Encryption
A simple best practice is to use some type of encryption to make sure that important information can’t be retrieved and exploited by an attacker. Even if your email account is not compromised, there are many other ways that sensitive emailed data can be accessed, including if the recipient’s account has been breached or if network traffic is being monitored through a man-in-the-middle style attack.
Applying encryption to communications that contain medical, financial or other personally identifying information is especially crucial. Even if you or others in the company primarily use browser-based email applications like Gmail or Yahoo, there are still free tools available for providing encryption to secure information.
- Mailvelope – Used for webmail applications (e.g. Gmail, Yahoo, Outlook.com, etc.).
- InfoEncrypt – Best for one-time use encryptions.
- Microsoft Outlook Encryption – Learn how to encrypt important private messages with built-in Outlook functionality.
- Virtru – Offers free encryption for personal use on Gmail and Outlook.
- BitLocker – Provides encryption for full drives and portable drives on Windows 10, with extended loss prevention capabilities.
Full-Disk Encryption
While the prior section in this article addressed encryption use cases for business communication tools, here we will offer recommendations for full-disk encryption (which protects files at the hardware level). This type of protection serves as an additional failsafe for guarding business data that could be exposed if attackers are able to successfully compromise an account or system.
- BitLocker – A full disk encryption feature included with Windows Vista and later that is designed to protect data by providing encryption for entire volumes.
- DiskCryptor – A free, open encryption solution that offers encryption of all disk partitions.
- VeraCrypt – This is a widely used freeware based on the formerly supported TrueCrypt.
- FileVault 2 – A free option for Mac users that is supported by most recent Apple operating systems.
DNS Filtering
For over 20 years, Domain Name System (DNS) Blocking has been an effective first line of defense for businesses of all sizes. Functionally, DNS filtering simply allows reputable and recognized traffic to pass through, while blocking harmful sources.
- OpenDNS – Although this service is no longer free, OpenDNS is widely considered to be one of the best available offerings for DNS.
- NxFilter – This free service offers Active Directory integration, Safe-search enforcing, HTTPS filtering, Bandwidth control, Per-user report, Application control, Remote user filtering, Quota time, Malware and botnet detection, Built-in clustering and more.
- ChurchDNS – Offers a free trial for interested customers.
Account and Device Management
It can sometimes be difficult to know if an account has been breached, or if credentials for a personal or business account have been compromised. Constant breaches conducted against organizations threaten to expose user credentials that can be leveraged to commit crimes or can be bundled and sold off to enterprising hackers. While many users think that their information is generally safe, it is often surprising to discover the number of times and places that the same credentials have been used to access accounts or information.
Below are two free services that will match your credentials up against known databases of breached information. This is a good starting point for determining whether your information is openly accessible online. If a computer with important, restricted or otherwise sensitive information is stolen or lost, the last tool listed below is a free service designed to prevent theft and accidental loss of your mobile technology (phones, laptops, tablets) by helping you track and recover devices.
- Have I Been Pwned? – Check if your email address has been compromised in a data breach
- BreachAlarm – Check if your email address has been compromised in a data breach
- Google Authenticator – Free 2-factor authentication using SMS text message or Voice call.
- FrontDoorSoftware – Proprietary software featuring stolen alert display, remote lockdown, start-up audible prevention alerts and geolocation tracking.
Mobile Device Security
With so many employees now using company and personal phones for remote work, it is critical that small business owners and operators have methods of managing mobile device security.
- Comodo ONE – Allows you to deploy or retire, secure, monitor and manage Android or iOS mobile devices with GPS location, wipe, and device encryption. Managers can also distribute applications, manage data and configuration settings and patch with the complete visibility and controls needed to manage any mobile device that accesses business-critical data.
- ManageEngine – Mobile Device Manager Plus is available as a Free Edition that can manage up to 25 mobile devices on a network. This edition is particularly useful for small businesses.
Device Disposal
Whenever computers, mobile phones, external storage modules or any other devices used for company purposes are thrown away, it is always smart to ensure that ALL information has been scrubbed and physical storage components are removed or destroyed. For additional information on electronics donation and recycling services, see this EPA resource center.
Here are several free applications that assist with wiping data from devices:
- Eraser – an advanced security tool for Windows which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Eraser is currently supported under numerous Windows operating systems.
- Active@ KillDisk Freeware – A utility that allows you to permanently erase all data on Hard Disks, Solid State Drives, Memory Cards & USB drives, SCSI storage & RAID disk arrays and even two disks in parallel.
- Disk Wipe – portable Windows application for permanent volume data destruction.
Malware Detection and Removal
If a compromise is suspected, the best next step is to scan the device that is assumed to have been affected and identify any malware present. Fortunately, most widely used operating systems have basic programs designed to root out viruses. However, other free tools can help significantly when dealing with stubborn or hard to find malware. Additionally, these tools provide helpful ways to ensure that the malware is completely removed from the impacted system. While paid antivirus and malware detection programs will always offer top of the line features, robust free tools are a smart option for those operating on a tight budget.
- Microsoft Malicious Software Removal Tool
- Microsoft Enhanced Mitigation Experience Toolkit (EMET)
- Bitdefender Antivirus Free Edition
- Emsisoft Anti-Malware
Software Updating & Patching Management
Developers are continuously updating their software products to fix bugs that make their programs less secure. After only a few months of not updating software and systems, they can become highly vulnerable to infiltration. The potential impact of these vulnerabilities is made worse as errors in popular software are made public on hacking forums and security websites.
The best proactive strategy for discovering and mitigating bugs before they can cause damage is to use programs that will continually scan and apply updates as issues are surfaced. Critical vulnerabilities can affect all parts of a network, including hardware elements (e.g. routers), so it’s important to be thorough when checking for updates.
Some standard operating systems, such as Microsoft Windows, have pre-built tools for applying patches that are issued by the developer. When using a scanning service, make sure that it is reputable and compatible with your existing operating system. As seen recently with the “Meltdown” patch, even applying automatic updates cannot entirely prevent hackers from finding new, undiscovered vulnerabilities to exploit. The tools listed below help automatically detect and remediate vulnerabilities within mobile applications, mobile devices, network hardware, operating systems, and more:
- Microsoft Automatic Updates – Step-by-step instructions for administering update and patch settings.
- Microsoft Baseline Security Analyzer – Able to conduct scans (locally or remotely) across desktops and servers to determine possible security issues. May not be compatible with all versions of Windows.
- Windows Server Update Services – Allows technology administrators to automatically deploy Microsoft product updates for centrally managed security.
- Nessus – Free vulnerability scanner for use with Windows operating systems.
- Retina CS Community & Retina Network Community – Some functions may not be free.
- Qualys FreeScan – Primarily used for scanning URLs, IPs, or Internet-facing assets, this service allows up to 10 free scans before requiring payment.
- Acunetix – free network security scanner.
Data Backups
Cyber attacks, natural disasters, and other impactful events can cause partial or total data loss if proper backup and storage methods are not established and managed continually. It is crucial that businesses of all sizes have several ways of storing data and saving system information. While free backup programs are almost never as comprehensive (especially for business purposes) as premium subscriptions, they can offer a helpful starting point.
- Iperius Backup – The freeware version of Iperius Backup allows you to backup to any mass storage device, such as NAS, external USB hard drives, RDX drives, and networked computers.
- Bacula – A set of open source computer programs that permit you (or the system administrator) to manage backup, recovery, and verification of computer data across a network of computers of different kinds. Properly operating Bacula will require some technical proficiency, and it is not recommended for beginners.
- MacriumReflect7 – Free backup, disk imaging and cloning solution for personal and commercial use.
- CobianSoft – Copies your files and folders in an original or compressed mode to another destination, creating a security copy as a result. This service only copies files to another location on the local network and does not back up to an off-site location.
- Carbonite – Cloud-based data backup services for small businesses. Although it is low-cost, this service does require users to pay a monthly fee.
Browsing Security
There are many ways to protect yourself while online. Using a secure browser, following basic safety recommendations, and adding a few free services can help keep you from being one of the nearly 30% of Internet users who have been victims of malware. Even reputable companies struggle to keep their customer-facing web properties secure. The risk of attack increases significantly when users visit websites containing questionable or adult content. This should reinforce the notion that users are ultimately responsible for exercising caution and using common sense when visiting unknown websites. No software or service will be able to completely protect users.
Experts generally consider Microsoft Edge, Google Chrome, Mozilla Firefox, Opera and Safari to be safe and user-friendly browsing applications. In addition to selecting a browser with a good safety rating, the tools listed below help users block unwanted scripts, redirections and tracking as they visit different websites.
- Adblock – Adblock and Adblock Plus block banners, pop-ups, tracking, malware and more, helping to keep you safe and focused while browsing.
- NoScript – This extension provides extra protection for Firefox, Seamonkey and other Mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted websites of your choice (e.g. your online bank).
- ScriptSafe – Provides the same protection as NoScript, but is specifically formatted for Chrome browsers.
- Google Chrome Cleanup Tool – This application will scan and remove software that may cause problems with Chrome, such as crashes, unusual startup pages or toolbars, unexpected ads you can’t get rid of, or otherwise changing your browsing experience.
VPN
Virtual private networks (VPN) are an excellent solution for creating secure connections that protect users when working remotely or browsing the Internet. If employees are connecting to private networks from a public location (or household WiFi), it should be a requirement that they use a VPN to guard company data and create a trusted internet connection. Not only does a VPN create a secure connection, it also masks the user’s information to provide anonymity. There are numerous free VPN options for small and medium-sized businesses.
- Betternet – Offers a complete VPN service for free and a premium version.
- Hide Me – A virtual private network compatible with Windows.
- Hide Me – A virtual private network compatible with Macs.
- Opera VPN – A Mac-friendly VPN service built into the Opera browser.
- Express VPN – Provides high-speed, ultra-secure browsing capabilities. While this service does offer a free 30-day trial, it does require a paid subscription for long-term usage.
Miscellaneous Tools
- Signal – Free app that can be used for encrypted messages and phone calls.
- Tor Project – Free download for browsing completely anonymously.
- Redirect Detective – Shows the URL final destination and path.
- CheckShortURL – Shows the URL final destination.
- ESET Cybersecurity Awareness Training – Educate your employees with an online training and certification.
Applying only one of the recommended free cyber security tools for small businesses above can provide a marginal increase in security measures, but combining all of the available free tools can allow small businesses to build a fairly comprehensive and advanced cyber security program. If you have not read our article on common cyber security mistakes made by small businesses, we recommend that you use these posts together as a starting point for learning about free or inexpensive ways of improving your security.
Because best practices and security tools cannot prevent all breaches or attacks, readers are encouraged to learn more about how a cyber security insurance plan can provide the absolutely essential coverage needed when an incident does occur.