Cybersecurity on a budget
How to protect your business when every cent counts
Foreword

This toolkit is best suited for micro and small businesses (and for personal use as well) that want to bolster their cybersecurity while operating on a tight budget. We will recommend some specific software and hardware choices to point you to relevant tools, but you are free (and encouraged!) to do your own research on the topics shown.

Introduction

When speaking about cyber security, hacking, servers, and such, we think of those things in the manner that Hollywood movies imprinted onto us. We imagine futuristic tech, multi-billion-dollar companies, hackers cloaked in darkness fast-typing on the keyboard, large server rooms, and text-line interfaces (the last one is actually true).

This leads us to think that all those things are reserved for major organizations with millions in funding to back them up. But can you deploy cyber security tools in an SME working on a tight budget? Of course! Let us show you how.

3rd party vs self-hosted solutions

Before we start talking about VPNs and ad-blockers, let us explain the vocabulary we will be using when recommending certain solutions:

3rd party:
This means someone (another company) will do it for you. Usually, all you have to do is install an app or perform basic steps - the setup and hosting are done by the external company.

Pros: Ease of setup and access; no extra skills and knowledge required; a highly competitive market makes different companies offer a lot of extra services.

Cons: Payment plans may not be tailored to your needs, thus making you pay for things you don't need or use; you are trusting a 3rd company with your data; subscription prices can add up quickly.

Self-hosting:
This means you are responsible for hosting your cybersecurity tools. Apart from a device to host them on, you also need appropriate software as well as the knowledge to install and configure it correctly.

Pros: You are getting exactly what you want; it can be fun and challenging to learn new things; a plethora of open-source software is available for free with great community support; you can feel like a movie hacker suddenly using Linux and command lines :)

Cons: Basic/intermediate computer knowledge required; a server is needed, which is a cost by itself.

Self-hosting on a budget

By the time you finished reading about self-hosting, you probably asked yourself "Who would choose that option? I don't know anything about servers and don't want to spend thousands on infrastructure!". The thing is, you don't have to spend thousands of euros on infrastructure. To be fair, you don't even have to own it!

First of all, cloud hosting is very prominent. All of the big players of the IT world (Amazon, Google, Microsoft) offer cloud platforms, while there are dozens more offered by smaller companies (DigitalOcean and Heroku to name a few). All of them offer a free trial (1 to 3 months depending on the platform), so you have time to learn and try doing things yourself (instead of paying upfront). After the free trial ends, the payments for a virtual machine capable of hosting the software mentioned in this toolkit would amount to about 5-10 euros each month, which can be less than 3rd party subscriptions combined.

But what about owning a server? It wouldn't be cost- and space-efficient, right? Quite the contrary! A device suited for your SME might cost you less than 100 euros and fit in the palm of your hand. Meet Raspberry Pi, a small all-round computer.
Apart from being able to serve as a VPN and an ad-blocker (at once!), you could use it for dozens of different things (multimedia servers, cloud storage, arcade gaming cabinets, smart mirrors, retro console emulators - the possibilities are huge). The latest models could also be comfortably used as a backup PC in case of a sudden failure, as they have a dedicated Linux operating system capable of browsing the web and playing multimedia with ease. With a price sitting around 60-100 euros depending on the model, it could be your most cost-effective solution in the long run.

VPN

We already explained in detail what a VPN is and why you should use it in our other materials (which we strongly recommend!), but as a reminder: a VPN is a virtual network that protects your privacy by hiding the data you send in an extra layer of encryption. It is mainly used as a layer of protection while using public or unsecured networks, so bad actors cannot hijack your data. Many companies are offering VPN services and advertise heavily (if you are a frequent YouTube user, I'm sure you have encountered at least one VPN ad).

Notable VPN options:

3rd party:
We won't be naming specific ones, as the market is heavily competitive and the differences between the top providers are minimal. Typing "best VPN + current year" in a search engine of your choice will get you relevant results in seconds.
Pricing: about 10 euros/month on a monthly plan (comparing the offers of top providers), cheaper when bought in long-term plans (3-5 euros a month).

Self-hosted:
OpenVPN (https://openvpn.net/vpn-software-packages/)
Pricing: Open source/free for use
AlgoVPN (https://github.com/trailofbits/algo)
Pricing: Open source/free for use

Ad-blockers

You have probably heard about ad-blockers by this point. There is even a high chance you are using one right now (and for a good reason)! Ad-blockers were the long-sought answer to intrusive, full-page advertisements that were plaguing the Internet. They are solely responsible for a more user-friendly approach to advertisements on the web, but they can also be a huge security factor for your company. How so? Misleading or malicious ads are one of the major ways you can compromise your small business security, either by clicking on one by mistake or getting lured by the promise of a free tablet (which you totally just won).

Other than that, ads all add to your Internet usage, which may be a big factor when you’re in a place with limited Internet access, or operating on a data plan. When your food truck is out on the road, you want precious Internet data limits used for your delivery portal, not miracle pill ads.

So, what are your options? First, let us talk about two kinds of ad-blockers. The first is the client-side ad-blocker you install in your browser. The second is an ad-blocker based on DNS resolving. Client-side blockers are installed as an add-on to your browser. DNS resolvers need a machine to operate on.

What is the major difference? Imagine a movie with an adult scene you don’t want to watch. Client-side blockers would be like covering your eyes with your hands. You couldn't see it, but it was still there. The movie took longer to finish and your electricity bill was higher because of it. You might think that the cost wouldn’t be high for a couple of seconds, but imagine covering your eyes hundreds of times every day! The cost would eventually pile up. A DNS resolver would be a TV cutting the scene out for you before it aired, making the movie shorter and keeping your electricity bill lower.
Another major benefit is that you can use the DNS resolver on the network level, so a device is protected from ads simply by connecting to your network, without the need to install a client-side blocker for every browser on every computer your company uses.

Notable DNS ad-blocking options:

3rd party:
NextDNS (https://nextdns.io) - Free personal plan limited to 300k requests per month, Pro plan is about 2 euros a month, Business plan starting at about 200 EUR per year for up to 50 employees.
Pricing: about 10 euros/month on a monthly plan (comparing the offers of top providers), cheaper when bought in long-term plans (3-5 euros a month).

Self-hosted:
Pi-hole (https://pi-hole.net) - Installation guide can be found at: https://github.com/pi-hole/
Pricing: Open source/free for use
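
To make the "TV cutting the scene out" idea concrete, here is a small added example (not part of the original toolkit and not Pi-hole's or NextDNS's own code) of the decision a DNS-based blocker makes for every lookup. The blocklist entries, the upstream stand-in and the rule that subdomains of a listed name are also blocked are assumptions made for illustration.

```python
"""DNS-level ad blocking in miniature (constructed example, not Pi-hole code)."""

# Constructed blocklist in the common hosts-file format; domains are made up.
SAMPLE_BLOCKLIST = """\
# comment lines and blank lines are ignored
0.0.0.0 ads.example-adnetwork.test
0.0.0.0 tracker.example-metrics.test   # trailing comment
127.0.0.1 popups.example-adnetwork.test

0.0.0.0 localhost
"""

SINKHOLE = "0.0.0.0"  # answer given for blocked names: nothing to connect to
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_blocklist(text):
    """Return the set of blocked domains found in hosts-format text."""
    blocked = set()
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments, split fields
        for name in parts[1:]:                 # parts[0] is the address column
            name = name.lower().rstrip(".")
            if name not in LOCAL_NAMES:        # never sinkhole the machine itself
                blocked.add(name)
    return blocked


def is_blocked(qname, blocked):
    """True if qname or any parent domain is listed (assumed matching policy)."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def answer(qname, blocked, upstream):
    """Sinkhole blocked names; only allowed names are ever sent upstream."""
    return SINKHOLE if is_blocked(qname, blocked) else upstream(qname)


def fake_upstream(qname):
    """Stand-in for a real upstream resolver so the example runs offline."""
    return "192.0.2.10"  # documentation-range address (RFC 5737)


if __name__ == "__main__":
    bl = parse_blocklist(SAMPLE_BLOCKLIST)
    for q in ("shop.example.test", "ads.example-adnetwork.test",
              "img.ads.example-adnetwork.test."):
        print(q, "->", answer(q, bl, fake_upstream))
```

Because the blocked name never resolves to a real address, the device makes no connection to the ad server at all, which is where the saved data comes from.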
Keywords
cyber security, budget, VPN, DNS, ad-blocker
Objectives/goals:
With these tips, a trainee will gain the ability to secure his/her business even with a low or no company budget.
Description
In this toolkit, you will find a set of tools to increase your online security, which we recommend especially for micro and small businesses with limited budgets. You can also use these tools for private purposes.
We have selected all solutions considering the actual financial possibilities of micro and small companies.