Recent cyber breaches at Target, Sony, and The White House reveal one simple truth: Online security is everyone’s concern. As larger businesses take steps to secure their networks, less secure smaller businesses must develop their own cyber security plans, finding the right tools for their needs, as well as their budgets.
Here is a list of online security tools for small businesses. There are tools for cyber defense and secure communication. Included are encryption applications, security testers, secure communication tools, password apps, online security platforms, an open threat exchange, and a cyber security planner for small businesses. Nearly all of these tools are free or have free plans.
Online Security Tools
FCC Small Biz Cyber Planner. By the Federal Communications Commission, the Small Biz Cyber Planner is an online resource to help small businesses create customized cyber security plans. Create and save a custom cyber security plan for your company, choosing from a menu of expert advice to address your specific business needs and concerns. The site also has a Cybersecurity Tip Sheet. Price: Free.
Surveillance Self-Defense. From the Electronic Frontier Foundation, Surveillance Self-Defense is a guide to defending yourself and your friends from surveillance by using secure technology and developing careful practices. Get a security starter pack to assess your personal risk, protect your most cherished communications and information, and start thinking about incorporating privacy-enhancing tools into your daily routine. Price: Free.
Open Threat Exchange. Hosted by AlienVault, Open Threat Exchange is an open threat information sharing and analysis network to put effective security measures within the reach of all organizations. Open Threat Exchange provides real-time, actionable information for all participants. AlienVault also offers a free ThreatFinder to quickly analyze a network for compromised systems and malicious communication. Price: Free.
GnuPG. GnuPG, also known as GPG, is a complete and free implementation of the OpenPGP standard to encrypt and sign your data and communication. GnuPG is free and can be freely used, modified, and distributed. GnuPG does not use any patented algorithms. Price: Free.
Hotspot Shield. Hotspot Shield creates a private and encrypted connection on public Wi-Fi networks, protecting data from hackers and identity thieves. Hotspot Shield Elite masks your IP address to ensure an anonymous browsing environment. Hotspot Shield stops various forms of malware from reaching your computer. Its suite of anti-malware tools protects you from over 3.5 million known malware threats, phishing sites, and spam. Price: Basic plan is free. Elite account is $29.95 per year.
Tor Project. Tor is a distributed, anonymous network that connects users through a series of virtual tunnels, rather than by direct connection. It allows organizations and individuals to share information over public networks, without compromising privacy. Tor has a variety of uses for businesses. Tor enables businesses to check out accurate competitor pricing, without being flagged by a competitor’s server and fed inaccurate information. Primarily, Tor keeps a company’s traffic patterns confidential. Price: Free.
Tails OS. Tails is a live operating system that protects you through privacy and security features. Tails uses tools to encrypt your files, emails, and instant messaging. Leave no trace on the computer you are using unless you ask it explicitly. All online connections are forced through the Tor network. Price: Free.
Boxcryptor. Boxcryptor is a tool to encrypt your files in the cloud, no matter if you use Dropbox, Google Drive, Microsoft OneDrive, SugarSync, Box.net, or any other major cloud storage provider. Boxcryptor is available for Windows, Mac OS X, iOS, Android, Windows Phone, Windows RT, Blackberry 10, and Google Chrome. Price: Basic is free. Unlimited Business plan is $96 per year.
ProtonMail. ProtonMail is an email app that focuses on privacy and security. Its end-to-end encryption ensures your data is already encrypted when it reaches ProtonMail’s servers. You can send and receive mail from users not on ProtonMail. Logging into a ProtonMail account requires two passwords. The second password is used to decrypt data on your device, so ProtonMail never has access to the decrypted data or the decryption password. Price: Free.
VeraCrypt. VeraCrypt is free disk encryption software, based on TrueCrypt and developed by IDRIX. VeraCrypt adds enhanced security to the algorithms used for system and partition encryption, making it immune to new developments in brute-force attacks. Price: Free.
Qualys FreeScan. This tool, by cloud security provider Qualys, scans your network, servers, desktops, or web apps for security vulnerabilities. Detect security vulnerabilities and the patches needed to fix them. View interactive scan reports by threat or by patch. Test computers against SCAP security benchmarks. Price: Free.
OnionShare. OnionShare is an open source tool that lets you securely and anonymously share a file of any size. You host the file on your own computer and use a Tor hidden service to make it temporarily accessible over the Internet, generating an unguessable URL to access and download the files. The person who is receiving the files doesn’t need OnionShare. All she needs is to open the URL you send her in Tor Browser to be able to download the file. Price: Free.
HTTPS Everywhere. HTTPS Everywhere is a browser extension that encrypts communications with websites, making your browsing more secure. Many sites on the web offer some limited support for encryption over HTTPS, defaulting to unencrypted HTTP or filling encrypted pages with links to unencrypted pages. HTTPS Everywhere fixes these problems by rewriting requests to these sites. HTTPS Everywhere is a collaboration between The Tor Project and the Electronic Frontier Foundation. Price: Free.
The Guardian Project. The Guardian Project creates secure apps, open-source software libraries, and customized mobile devices to protect communications and personal data from intrusion, interception, and monitoring. Apps include Orbot, which brings the capabilities of Tor to Android, and ChatSecure, a mobile-messaging app integrated with the “Off the Record” encrypted chat protocol. Price: Apps are free.
Ghostery. Ghostery is a tool that shows users what is tracking them, such as cookies, web bugs, beacons, ad networks, and web publishers. It enables users to control the access to their information, creating a speedier browsing experience. Its enterprise solution, Ghostery Marketing Cloud Management, enables companies to expose and eliminate security blind spots in their marketing cloud, improving performance and profitability of digital assets. Price: Consumer tool is free. Contact for enterprise pricing.
Mitro. Mitro helps you manage and share your passwords easily and securely. It automatically records your user names and passwords as you log in to new sites, offers to automatically log you into sites you’ve visited before, and allows you to securely share your passwords with peers. Your data is encrypted before it ever leaves your computer, and Mitro has no access to the data. Price: Free.
Wickr. Wickr is a secure private-messaging app. It’s like Snapchat for grownups. Send and receive encrypted messages, pictures, videos, audio files, and documents. Set the expiration time on all your messaging content. Protect your conversations from being tracked, intercepted, or monitored by anyone — including Wickr. Remove all deleted messages and media from all your devices so they cannot be recovered. Price: Free.
OpenDNS. OpenDNS is a recursive DNS network with cloud-delivered security products that protect distributed networks, Wi-Fi hotspots, and employees from malware, botnets, phishing, inappropriate content, and advanced attacks. Its Umbrella platform automates protection against known and emergent threats, and stays up-to-date without admin intervention. With OpenDNS there is no need to reroute all connections through proxy or VPN gateways to secure mobile users or remote offices. Price: Basic is free. Umbrella Professional is $28 per user per year.
CloudFlare. CloudFlare is an online optimization and security platform, protecting your website from a range of online threats from spammers to SQL injection to DDoS. Adding your website requires only a simple change to your domain’s DNS settings. CloudFlare has mitigated two of the largest DDoS attacks recorded: a 300Gbps DDoS attack that flooded Spamhaus, the spam fighter, in March 2013, and a record-breaking 400Gbps attack in February 2014. Price: Basic plan is free. Premium plans start at $20 per month.
Random.org. Random.org offers a form that allows you to generate random passwords that are then transmitted to your browser securely and are not stored on the Random.org server. Random.org also has randomizer mobile apps. Price: Free.
Tripwire SecureScan. SecureScan, from Tripwire, is a free vulnerability scanner for up to 100 IPs on your internal network. Schedule weekly or monthly scanning. SecureScan uses the same enterprise-class vulnerability-scanning platform behind Tripwire’s premium vulnerability products, Tripwire IP360 and Tripwire PureCloud Enterprise. Discover your networks, your vulnerabilities, and how to manage risk. Price: Free.
Burp Suite. Burp Suite is an integrated platform for performing security testing of web applications. The suite includes an intercepting proxy, an application-aware spider, a scanner, a repeater, a sequencer, and an intruder tool. Its tools work together to support the entire testing process, from initial mapping and analysis of an application’s attack surface to finding and exploiting security vulnerabilities. Price: $299 per user per year.
OWASP Zed Attack Proxy (ZAP). The OWASP Zed Attack Proxy (ZAP) is an integrated penetration testing tool for finding vulnerabilities in web applications. It’s designed to be used by people with a wide range of security experience and is helpful for developers and testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Price: Free.
Samurai Web Testing Framework. The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing platform. It contains open source and free tools that focus on testing and attacking websites. Included are tools used in all four steps of a web penetration test. Price: Free.
Silent Circle. Silent Circle develops applications, services, and devices for encrypted communications. Silent Circle’s flagship device, Blackphone, is built from the ground up to be private by design. Blackphone boasts a combination of a custom operating system with hand-picked application tools optimized for security. Silent Circle also offers a suite of privacy apps for encrypted voice, video, conference calls, file-transfers, and peer-to-peer communications on iOS and Android. Price: Plans start at $12.95 per month.