Online security news, recently headlined by the Epsilon breach, is fairly ominous these days. Malware, phishing, botnets, zero-day bugs — you don’t need to know what they mean to understand none sound good for your business. So what’s a home or small office, especially one with limited budget or technical expertise, to do?
Plenty. The typical home office doesn’t need a big budget or IT department to minimize risk. (Though there’s no such thing as eliminating risk altogether.) You can secure your computers and business-critical information yourself, without spending much money. In fact, none of the steps below will cost you a dime. If your business grows — a solo operation today might later have 25 employees, for example — your security needs will likely grow, and that may cost a few bucks. In the meantime, however, you can bootstrap your network security — and you don’t need a degree in computer science to do so.
Put Some Muscle On Your Passwords
Use strong passwords for everything from your wireless network to online bank account access. That means a combination of upper and lowercase letters, numbers, and symbols such as % or *. Don’t use your Social Security number, birthday, or other easy-to-guess information. Change your passwords semi-regularly, and immediately if you think they may have been breached. And — duh — don’t share your passwords with anyone. Banks and other legitimate businesses don’t solicit sensitive customer information; if someone calls or emails you asking for your password, they’re probably a crook.
Use WPA — Not WEP — To Secure Your Wireless Network
Sound technical? It is, but here’s all you really need to know: WPA (short for Wi-Fi Protected Access) offers stronger protection than its older cousin WEP (Wired Equivalent Privacy), yet the latter is still in common use. Unless you have a very outdated computer or router, you should be WPA-ready. But first things first: All wireless routers provide a basic layer of protection against intruders since they have built-in firewalls.
Once your wireless network is up and running, secure it with encryption and a strong password — not doing so is like leaving the front door of your house unlocked when you leave. Use the WPA option instead of WEP. Use WPA2, the newest version, if you can. If your network is already set up with WEP, you can change it. It’s relatively simple. (If I can do it, you can.) Netgear, Linksys, and D-Link all post instructions for their devices online. Your router’s manufacturer likely does, too.
Bonus Tip: Be sure to change your router’s admin password — this is different from the one you set up for your wireless network, and it is often left unchanged because you’ll rarely need to use it. Most manufacturers use a generic default password — Netgear’s is “password” and Linksys uses “admin,” for example. Snoops and scammers know this, and they can use it to take control of your network if they’re within range. Change it — your user manual will tell you how.
Free Doesn’t Necessarily Mean Cheap
If your budget is tight, don’t be bashful about using free tools. Some security experts might tell you they’re not enough. Other folks say you’re nuts to pay for antivirus software. Here’s the bottom line: Most small networks don’t need premium protection. You do need something, especially if you use Windows-based computers, but in all likelihood you’re not harboring the kind of state secrets that might make you the next Stuxnet target. I’ve used the free edition of AVG Antivirus for my home office for years, with zero issues. It’s easy to install and set up automatic updates and scans, neither of which have caused any noticeable performance issues on my computers. Use a free spyware application, too — it can clean out junk that your antivirus software might not. I like Spybot and Ad-Aware, but there are tons of free tools out there — and an equal number of opinions on their efficacy. CNET’s list includes editor and user ratings.
Stay Current on Software
Software makers regularly release updates and patches, often to fix security flaws. They can seem annoying and they’re easy enough to ignore. Don’t. If your computers are Windows-based, turn on automatic updates. You should likewise keep your web browser current — Internet Explorer, Firefox, and Chrome all recently released major updates and minor ones are constantly coming out as well. If you write a company blog, keep your publishing software up-to-date. Also stay on top of security updates for: Adobe Flash Player and Reader; antivirus and other security software; and Skype and other instant messaging or voice platforms.
Got your own shoestring security tip? Share it in the comments.