Hopp til innholdet
SECURITY

How to improve your security without investing in IT

When you want to improve your security, but have a tight budget, here are some underestimated methods to consider.


When you want to improve your security, but have a tight budget, here are some underestimated methods to consider. 

"TOLD YOU SO"

It seems like the cyber world has gone crazy lately. People are being scammed for money and identities, big corporations are being attacked with malware, and even the most secure government units are becoming victims of evil cyber geniuses. Is nobody really safe?

The whole world can’t help but worry about security. While the world of IT experts seems to be silently repeating “Told you so”.

New posts with security checks and recommendations must be popping up in your feed every day. This is kind of one of those. Apart from one thing:

The tips below require NO INVESTMENT in IT whatsoever.

Yes, you read it right. You can improve your IT security without buying new IT tools or paying for teams of consultants.

Here is how.

Category 1: Preventive 

Aka How not to get hacked.

As a famous proverb states, the best defense is a good offense. So, technically, if you were to hack others, they wouldn’t dare to hack you.. But jokes aside.

Preventive measures are the most important ones: if hackers can’t get through your security, you have little to worry about. So companies that want to protect themselves, set up security protocols and implement monitoring solutions to make sure they discover abnormal behavior and stop the hackers before they’ve managed to do much damage.

The problem is, even the best technology will fall short unless the people actually use it and behave, well.. reasonably.

Your security is a combined effort of everyone in your organization. With each device they touch, every wi-fi they connect to, and every link they are tempted to click on. Not to mention saving the passwords on a posted note safely placed in the work desk drawer.

So here is how to get people onboard and work on security preventively:

1. Information 

Regularly inform your employees about the security measures and how to act in case of malicious attempts. Give examples like fake emails, that can appear to come from inside of the organization, with a positive, exciting proposal, like getting an invitation to a project review meeting at 5pm on a Friday, coming from your CEO. Make sure people know this is too good to be true, and behave responsibly: they should not open the invitation or reply to it.

 

2. Emergency training

To avoid panic and have a clear plan of what to do when under attack, create an emergency plan. Remember that the emergency actions should cover all employees, and they need to know what to do if they have no access to their devices, data, or internet. The usual response is to ask the employees go home and wait for the sweating security officer to find a resolution. Remember to conduct hacking response trainings and send people home regularly.  

3. Wearables 

The physical and the digital worlds are interconnected, and wearables are an exciting new way to think about security. To minimize the risk of the employees visiting malicious sites or clicking on phishing links, purchase security mittens. It can be a nice present that can be used both at work and outside of it. Consider for example these ones, currently on sale for $ 5.40.  

4. Automation 

This option requires a bit more technical knowledge, but can be implemented in any organization using a mail agent. Go to Settings > Rules and Alerts > Add new rule > Forward all emails > insert email address of an IT representative who tends to have free time. Use this rule for all employees in the company. Let’s be honest, no one is better at detecting threats than the IT guys. Don't let it go out of control, forwarding all emails to the IT department will allow them to scan them and filter out the spam before your employees receive them.

5. Networkless

Take the next step from passwordless: go networkless. As we all know, the hackings happen on the internet. That’s the battlefield, where the criminals find their victims. So the most logical, and so far the most effective way to protect your people and organization from cyber attacks, is to cut off the internet. Remember the times everyone was happy writing letters and having meetings in person? Your employees might even get more done without constant distractions. Your clients might get more excited to receive a letter instead of some regular email.

Category 2: Reactive 

Aka When you got hacked and the worst is about to happen.

Let’s say you have done all you could to prevent the attacks, but it happened anyway. The evil sneaky hackers managed to get into your environment, encrypted the data and threaten to leak it to the world unless you pay.

Don’t panic.

There are still things you can do. And if you are on a tight budget, you still don’t have to invest in IT security tools.

1. Get control of the situation 

When hacked, you will usually receive a message stating what damage the hackers have done and are planning to do. Don’t trust their word, as it is not necessarily true. Conduct your own enquiries and request a damage report from everyone who might have suffered from the breach. Put up a form online where everyone affected could fill in their name, bank account number, and estimated amount for compensation. Make sure the form can be shared freely. When you have the overview, proceed with payments accordingly. Remember to notify your potential partners in distant countries, they deserve to be compensated, too.

 

2. Reduce the damage 

When the attackers have got to you, you should think about how to reduce the damage. One of the options here is to say goodbye to the compromised data, dispose the affected equipment and close the offices. And you are ready for a fresh start. 

3. Pay them off 

This solution might not be that obvious, but it is indeed a viable option. Someone smart once said, if a problem can be fixed with paying for its solution, it is not a problem. So here is a way of responding to a hacker attack without investing in security tools and IT experts: pay the ransom to the bad guys, and this might just solve the whole situation. Keep the receipt just in case. 

Bottom line

All in all, there are quite a few ways to deal with security and hacking attacks without the need to invest time and money in optimizing your IT infrastructure, tools and protocols. And if you are still reading, you must appreciate a wicked sense of humor. 

The truth is: You need to invest in security. You need to have a proper set up and good tools in place to be able to sleep at night. They do cost. But they cost a miserable fraction of what it would cost you to become a victim and lose some of your assets or your whole business. 

This article was originally published on 1st of April.