By Steve Morgan
Cyber crime damages are predicted to cost the world $6 trillion annually by 2021, up from $3 trillion in 2015, according to a report from my company, Cybersecurity Ventures. Nearly half of all cyber attacks are committed against small businesses.
Related: 4 Vital Cybersecurity Measures Every Safety-Conscious Entrepreneur Needs to Take
Considering the statistics, it's not a question of if a small business will be hacked, but when. Small businesses don't have big budgets for cybersecurity, but there's a myriad of free tools they can use to protect themselves against digital intruders.
Free email security protectionEmail theft is one of the most popular cyber crimes, and it exposes small business login IDs and passwords to hackers.
The recent Equifax breach caused roughly 143 million U.S. consumers to have their email credentials and other information accessible to hackers. That equates to around 55 percent of Americans age 18 or older who have been affected. Last year's Yahoo and LinkedIn hacks exposed hundreds of millions of user accounts to hackers.
A large chunk of the email addresses that are stolen and sold as a result of these hacks belong to small businesses, and their employees. Stolen email addresses are for sale on the dark web, a part of the world wide web that requires special software to access. Cyber criminals buy and sell login IDs and passwords, Social Security numbers, credit card digits and other on darknet sites. If a small business has its email addresses accessible to hackers, the results can be devastating. It's frightening to think of the confidential information that a cyber thief will find when browsing through inboxes, sent messages and folders.
But, there's free email protection that takes less than five minutes to set up.
Practically every email app in use by small businesses -- ranging from Microsoft's Outlook to Gmail, Yahoo Mail and AOL Mail -- has a feature called "Two-Step Verification" (a.k.a. "Multi-Step Verification").
In a nutshell, two-step verification means that in order to gain access to an email account, an extra step is required. After a user types in his login ID and password, he's prompted to enter a secret code. The email app instantaneously sends the user a text message with a unique code. Then the user checks his phone for the code, and types it to proceed into his email account.
Hackers hate two-step verification because it prevents them from accessing some of the stolen email accounts they buy. When prompted for a secret code, a hacker has no way of knowing what it is. And the real user is notified of the fraudulent login attempt.
All small businesses should turn on two-step verification for their corporate email, and recommend to their employees for personal accounts. To encourage employee participation, an employer should point out the personal benefits to their employees (namely protecting their own confidential information).
Surprisingly, most small-business owners and employees are either unfamiliar with two-step verification or they simply don't bother to turn it on. There are easy-to-follow instructions for turning on two-step verification in Outlook, Gmail, Yahoo Mail and AOL Mail.
Related: Is Your Business Prepared for a Cyber Attack? (Infographic)
Free cybersecurity toolsGlobal spending on cybersecurity products and services is predicted to exceed $1 trillioncumulatively over the next five years, from 2017 to 2021, according to another report from Cybersecurity Ventures.
The thought of spending money they don't have scares off small-business owners when it comes to cybersecurity. They just deal with the fallout after they get hacked. But, cyber protection doesn't have to break the bank. In fact, these 10 free tools cover some of the biggest cybersecurity risks and they don't cost a dime:
Free cybersecurity glossaryFor small-business owners and IT managers who want to bone up on cybersecurity, check out The A-Z List of Computer Threats from Sophos.
If that's not enough, Cybersecurity Ventures maintains a list of glossaries for looking up more advanced cybersecurity and cyber warfare terms.
Catch up on my current posts along with industry articles