Cybersecurity company ESET has identified the areas that freelancers and small businesses that cannot allocate enough time and budget to cybersecurity due to limited resources should pay attention to and listed the security measures they can take.
Do-it-yourselfers can be targeted by threat actors with their financial assets and sensitive customer information. Cybercriminals chasing opportunities can track down improperly protected online accounts, devices without security software installed, or computers not running the latest operating system, browser, and other software versions. Self-employed people can build the right security infrastructure by focusing on the following preventive measures.
“Back up your important business data”
This means first determining what is important enough to back up, and then choosing a backup solution. Cloud storage (eg OneDrive, Google Drive) is a useful option as backups are automatic and no upfront investment in hardware is required. Most major providers have features that allow you to restore from previous versions even if the ransomware spreads to cloud data. However, for added peace of mind, it may be helpful to back up to a removable hard drive and make sure it is disconnected until needed.
“Use security software”
Choose a reliable product and make sure it covers all computers, other devices. Make sure you keep automatic updates turned on so it always runs the latest version.
“Keep all computers and devices patched”
Make sure you have the latest version of all operating systems and other software installed by turning on automatic updates. This means they will be patched against current vulnerabilities.
“Keep accounts safe”
Only use strong, unique passwords stored in a password manager and turn on two-factor authentication when presented (social media, email, cloud storage, router, etc.). This will reduce the risk of phishing, brute-force password guessing, and other attacks.
“Protect your mobile devices”
Keep all software up to date, install security software and don't download any apps from unofficial app stores. Ensure devices are locked with a strong password or strong biometric authentication method and can be tracked and wiped remotely if lost or stolen.
“Create a plan for situations where things can go wrong”
This “incident response plan” need not be comprehensive. Just know which IT services your business relies on and have a handy contact list to contact should the worst-case scenario occur. This will speed up recovery times. Keep a hard copy of the plan handy in case systems are forced to go offline.