We’re all trying to find bargains. This is particularly true when you have a small business because every penny counts. One of the first things you try is to search for what you want on the Internet. If you’re over budget this month, you’re tempted to put a single word in front of your search text, FREE! We should know better, but it’s FREE! Yeah, and I have a ocean front property in Arizona. The con men of the Internet are much more sly about stiffing you with their bill. As a cyber security guy I see this too often with my cybersecurity clients. Let’s review your costs of FREE for just a few of the things on the Internet you may be thinking of using right now.
One of the most common free services I see used today is DropBox. The free, consumer version is great. Within one minute of signing up I can upload files too big to email and send them to someone anywhere on the globe. What could be better? What you aren’t paying for and certainly not getting is a cyber secure place to put sensitive business information. DropBox has been breached multiple times. If you’ve had an account with them for long I’m sure you’ve gotten an email telling you to change your password because your login information has been compromised. That’s a fancy word for “STOLEN by cyber criminals.” The best cyber protection in the world won’t stop a valid username & password that’s been stolen. (The one exception is multi-factor authentication, but that’s another topic.)
Here’s a sobering stat: 76% of network intrusions exploit weak or stolen credentials (email & passwords)
No matter the service that you use to store data in the cloud, if you want assurances that it is business class protection, ask for a HIPAA Business Associates Agreement (BAA) to cover the service even if your firm isn’t subject to HIPAA. The cybersecurity requirements are such that if they offer a BAA it is greater assurance the company is being more protective of your data. Generally, the consumer grade versions won’t provide a BAA. I know what that tells me, RUN AWAY.
HIDDEN FREE GOODIES
If you don’t know my humor, the above line would be stated with extremely dry sarcasm. Many free pieces of software are packed with something. Whether it’s software which causes a pop-up advertisement every time you use the software, or worse, installs malware or ransomware on your computer that won’t trigger for 6 months (so you don’t suspect it), either way it’s BAD. If you have employees, you better have a policy of not downloading and installing ANY software without the approval of your IT. This single mistake has bankrupted businesses. Just ask me, I’ll send you the links.
NO FREE SUPPORT
The last cost you pay is no support. If the software or service doesn’t do something correctly or acts badly, when you call me for support I’m likely to say (under my breath) “You get what you pay for.” My service fixing it on the other hand is going to cost you, sometimes dearly. By fixing, I normally mean, ripping it out of your computer for good.
Don’t get me wrong, I like free as much as the next guy. There are some really cool things out there. Here’s a site with some free items that don’t come with strings attached: www.grc.com. My advice is not to use it for your business without proper research & approval. The risk is too great to your clients, your reputation and to any regulatory requirements to which your firm may be subject. Do your IT support a favor and ask them before you use or install anything FREE on your business network or devices.
If you’ve had your own cyber nightmares with “free” please leave a comment or send me an email at firstname.lastname@example.org. These also serve as warnings to others.
About the author, Rick Rusch | Cyber Security Evangelist
For over 25 years Rick has helped companies utilize technology safely & productively. Recognizing the dangers of the Internet age several years ago, Rick has passionately focused on cybersecurity to help clients guard their reputations & their most precious asset, their digital data.