If, unlike enterprise customers, you don’t have six figures to spend, what are some things you can do to protect your data that can scale as your business grows? Even if you don’t plan on scaling to an IPO, but are looking for good, solid privacy tech on the cheap, here are five ideas to help.
Multifactor authentication (aka MFA)
You don’t have to go crazy here to get decent protection: a sub-US$50 hardware authentication device (typically USB/NFC) from a reputable manufacturer can really help you lock things down – and software choices abound as well. If your company goes public and you need something bigger and more complex, you can still use this technology at scale, and it’s very hard to hack.
Here the important thing is to PICK SOMETHING that has a good reputation for security. They’re normally cheap or free and you can integrate the well-known ones with larger systems, should the need arise down the road.
You don’t have to be a rocket scientist anymore; you can download free or cheap software like GPG that can be used to sign email communication, making it practically impossible for an adversary to spoof your email … or you can fully encrypt it, so an adversary cannot intercept its meaning … or both. If your email recipient receives an email supposedly from you and it doesn’t have a cryptographic signature, they should know something may be amiss.
You don’t have to spend much more than the cost of a cheap home router to get something that has really robust tools, good vendor support into the future, a good reputation for security and a wide user base. If you pick enterprise names and look for their less expensive router models, typically marketed for small business, they have security features you can scale with, and they only cost US$50-100 more than the lower-end one you were planning on getting anyway.
Encrypting your traffic by default is a good way to steer clear of prying eyes when your data is in transit. With modern virtual private network (VPN) software, it’s not terribly difficult to set up, some can even be set up to connect automatically when you power up. Again, look for a supplier that has a low-end option to what is normally considered an enterprise offering. Yeah, it may not have all the bells and whistles like integration with authentication through Active Directory, but later if you need it you have a chance of integrating something you’re already familiar with and using it simply by upgrading your license.
If you have some of these pieces implemented and have time to get familiar with them, you’ll already have a leg up if you have to scale. If you use them for personal use and later get a job with increased security requirements, they’ll be happy to know you’re already up to speed on these technologies. Even if they have different systems, there will likely be many similarities with what you already know. In the meantime, you’ll have more peace of mind without breaking the budget.