The Frugal Networker

by Dean Chester

Cybersecurity has been a hot topic for quite a while and it’s not likely to change any time soon.

“Equilibrium” by Guido Sorarù is licensed under CC BY 2.0

Every new day brings more data breaches and more online scams. No single entity is completely safe, it seems: hackers target both private individuals and companies. The size of an organization doesn’t matter either because the security of even the largest of them such as Yahoo and eBay can become compromised.

Not all cybercriminals are ambitious enough to go after corporate giants. Sadly, some also have smaller businesses covered. And when the security of those gets breached, the losses may look negligible to companies that deal with billions of dollars. For a small, family-run enterprise, such losses often become insurmountable and lead to it going out of business.

One of the main reasons why small companies are such an attractive target for hackers lies exactly in their size. Because of it, these businesses can’t afford to spend a lot of money on their Internet security. They can’t afford large teams of security specialists that – for all the owners know – may never actually prove useful. Obviously, such an idea is wrong, but as long as there are no apparent breaches (which situation can very well be a result of the said specialists’ work), it’s hard for some people to see value in supporting such a team.

It’s possible, of course, to find free or low-cost solutions and to save on one’s cybersecurity. But is it a responsible thing to do?

It’s been said time and again that when something is free, it’s because you are the product. Money spent on providing that free solution must come from somewhere, after all.

There are a few ways in which money can be made off of customers who use free cybersecurity software:

• They can be shown ads coming from third-party vendors. The frequency of it can vary from “relatively unobtrusive” to “all the time”.
• Speaking of advertisers, the customers’ private info can be sold to them to expand their bases of people to target. This is especially true for shadier providers of free services such as virtual private networks and the like, that is, services that have access to the users’ Internet activity. The information gathered by such a “free” service can be then used to better understand what ads to show to their client base.
• As a more extreme example of the above, free users’ Internet bandwidth is known to have been sold to a third party that used it for its own purposes, and those purposes weren’t benign. In fact, they included creating a botnet and conducting DDoS attacks on certain websites.
• Pestering free users with ads has another purpose as well: it’s easy to get tired of such an inconvenience so much that getting a paid version of the same service will seem like a cheaper option.
• Related to the last one, free versions of antivirus and other computer security software most often do not have all the features that the paid ones do, making their users consider investing money into them.

Besides that, there are definite concerns about the levels of security and protection that those free solutions can provide. As they are free, it’s somewhat unreasonable to expect them to have the best technology available.

If it’s a private individual we’re talking about, it’s obviously up to them to decide if they want to skimp on their security or not. However, as far as companies are concerned, things are more complicated.

If a business becomes a target of a data breach, it doesn’t only endanger that business. Its clients’ personal data may also be obtained by the perpetrator, and that’s bad news for both the clients and the company’s reputation.

That’s why I don’t think it’s the best decision for a business to rely exclusively on free cybersecurity software. It may be enough to protect it but the chances are not terribly high.

However, the question of money still stands. Yes, in the case of a breach the company is going to lose even more, but it doesn’t make the wherewithal to get professional security tools just magically appear. So what can be done?

• Reinforcing the weakest link of cybersecurity: to make sure employees won’t click any suspicious links or tell anyone their passwords is supremely important. It can be done by anyone with a good grasp of IT security, really, but ideally, it should be entrusted to professionals.
• System penetration testing: while it should be performed regularly, it doesn’t require having permanent staff and can be done\by a security company.
• Getting cybersecurity tools at a discount: almost all major software manufacturers hold a sale from time to time, allowing small businesses to save quite a lot if they’re buying many copies at once.
• Getting a data breach insurance: if a breach does happen, this can help with covering the losses and subsequent expenses, including those inflicted by reputation damage.

Although finding the balance between security and keeping costs neutral is not an easy task for smaller businesses, it is necessary to take care of it. In the long run, the potential price of negligence is going to be much higher than spending on protection.

Dean Chester is a cybersecurity expert and author. He is absorbed in online security and takes all measures to ensure that non-tech-savvy users can be protected on the Internet.