Online Tools to Help Keep Your Business Safe
We crawl the website for online tools that specialize in business safety and keep them in one convenient place.
Free Cybersecurity Services & Tools
As part of our continuing mission to reduce cybersecurity risk across U.S. critical infrastructure partners and state, local, tribal, and territorial governments, CISA has compiled a list of free cybersecurity tools and services to help organizations further advance their security capabilities. This living repository includes cybersecurity services provided by CISA, widely used open source tools, and free tools and services offered by private and public sector organizations across the cybersecurity community. CISA will implement a process for organizations to submit additional free tools and services for inclusion on this list in the future.
The list is not comprehensive and is subject to change pending future additions. CISA applies neutral principles and criteria to add items and maintains sole and unreviewable discretion over the determination of items included. CISA does not attest to the suitability or effectiveness of these services and tools for any particular use case. CISA does not endorse any commercial product or service. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply their endorsement, recommendation, or favoring by CISA. - https://www.cisa.gov/free-cybersecurity-services-and-tools
All organizations should take certain foundational measures to implement a strong cybersecurity program:
- Fix the known security flaws in software. Check the CISA Known Exploited Vulnerabilities (KEV) Catalog for software used by your organization and, if listed, update the software to the latest version according to the vendor’s instructions. Note: CISA continually updates the KEV catalog with known exploited vulnerabilities.
- Implement multifactor authentication (MFA). Use multifactor authentication where possible. MFA is a layered approach to securing your online accounts and the data they contain. When you enable MFA in your online services (like email), you must provide a combination of two or more authenticators to verify your identity before the service grants you access. Using MFA protects your account more than just using a username and password. Why? Because even if one factor (like your password) becomes compromised, unauthorized users will be unable to meet the second authentication requirement, ultimately stopping them from gaining access to your accounts.
- Halt bad practices. Take immediate steps to: (1) replace end-of-life software products that no longer receive software updates; (2) replace any system or products that rely on known/default/unchangeable passwords; and (3) adopt MFA (see above) for remote or administrative access to important systems, resources, or databases.
- Sign up for CISA’s Cyber Hygiene Vulnerability Scanning. Register for this service by emailing firstname.lastname@example.org. Once initiated, this service is mostly automated and requires little direct interaction. CISA performs the vulnerability scans and delivers a weekly report. After CISA receives the required paperwork, scanning will start within 72 hours and organizations will begin receiving reports within two weeks. Note: vulnerability scanning helps secure internet-facing systems from weak configurations and known vulnerabilities and encourages the adoption of best practices.
Get your Stuff Off Search (S.O.S.). While zero-day attacks draw the most attention, frequently, less complex exposures to both cyber and physical security are missed. Get your Stuff Off Search–S.O.S.–and reduce internet attack surfaces that are visible to anyone on web-based search platforms.
Cybersecurity Checklist for Small Businesses
The European Union Agency for Cybersecurity (ENISA) and the National Cyber Security Alliance (NCSA) have jointly drafted a checklist that provides baseline tasks that small business owners can implement and gain more peace of mind that their businesses, information, and employees are more secure online. The checklist elaborates on four cybersecurity challenges faced by small businesses. Download the one-page checklist here. https://staysafeonline.org/wp-content/uploads/2020/11/Transatlantic-Cybersecurity-Checklist_FINAL.pdf
|Low Cyber-Awareness||Cybersecurity may be a complex issue connected with technical solutions and measures, but it must be a part of the culture for small businesses as a successful cyber-attack can cause serious financial and/or reputational harm to any size of business.|
|Lack of Remote IT Security||As more employees log in to their home computers to work, more data and communications are being transmitted across insecure channels- ultimately leaving valuable business content exposed.|
|High Cost of Cybersecurity Solutions||The cost of technical solutions, organizational overhead, cybersecurity training, and cybersecurity expertise require funds that many businesses simply do not have.|
|Increased Attacks such as Phishing||Teleworking has opened new opportunities for cybercriminals through ‘urgent’ and ‘fear-based’ emails to trick online users into revealing personal information, click on malicious links or attachments, and inadvertently download malware directly on their computers.|
HaveIBeenPwned.com is an online repository of email addresses and passwords that have been collected from publicly disclosed data breaches. Enter your email address and the site will tell you if that email address has appeared in data breaches and, if so, from which sites.
If you use the Chrome web browser, Google's Password Checkup extension will check your password against known data breaches when you sign into a site. This will not give Google your password, but wherever you sign-in, if you enter a username and password that is no longer safe due to appearing in a data breach known to Google, you'll receive an alert."