It's hard to think about computer security without wanting to throw up your hands. It seems like, no matter how much you worry about it or how much you spend, you can never be completely secure. Besides, if companies like Target and Premera can't protect themselves against hackers, what hope does a small company or solopreneur have?
Don't despair, says John Prisco, CEO of security company Triumfant. There are things even the smallest companies or solopreneurs can do to safeguard their technology without a big financial outlay. The most important first step, he says, is to stop relying on antivirus software to solve all your problems.
"Business users are so accustomed to anti-virus software popping up and saying, 'We just removed XYZ virus, have a nice day,'" Prisco says. "On a good day, anti-virus software might be able to detect 20 percent of the attacks that are occurring."
What should you do instead? Here are Prisco's recommendations:
1. Stop paying for anti-virus software.
That doesn't mean you don't need it, just that you shouldn't pay for it because many of the best options are free, especially to individual users or small groups. Prisco's favorites are Avast and Microsoft Security Essentials, and other tech sources such as CNET also recommend AVG and Ad-Aware. The main point here is that there's no reason for a very small company or solopreneur to pay for anti-virus when there are many options that work just as well and cost nothing.
2. Consider a managed services provider.
For a small company, a managed services provider makes the most sense, Prisco argues. In that model, you outsource your security functions, and perhaps other tasks as well, to an external IT company that monitors your systems. Triumfant offers its services on this model, so it's natural that Prisco would endorse it. But he's certainly right that, as in any situation where you increase your buying power by joining a group, you're likely to get better security this way than you could on your own. And if you don't have an in-house security expert, having an outside one monitoring your network is a valuable added layer of protection. Depending on size and pricing, this approach may make sense for you.
3. Insist on two-factor authentication.
Security people and other tech experts know a dirty little secret they don't always share: The password is dead or soon will be. That's because today's faster processors can cycle through near-infinite quantities of letter-number-and-character combinations so quickly it's no longer necessary to guess at what your password might be.
Two-factor authentication, which requires you to use a password plus a code that you receive on your mobile phone or a biometric marker such as a fingerprint, dramatically reduces the chances of a hacker gaining access to your data or account. Always use two-factor authentication when it's offered, and choose services that offer it. This is especially important when it comes to banking and financial accounts, Prisco says. If your bank doesn't offer two-factor authentication, he advises, find one that does.
4. Keep up with updates and patches.
Prisco calls this "basic cyber-hygiene," and while it may seem like a lot of updates and patches, it's important to avoid falling behind, he says. That's because the makers of operating systems (such as Windows) and other software send out fixes for vulnerabilities as soon as they discover them, so the hacker's best hope is to find users who haven't patched or updated yet. Don't let that be you!