Top Practices for Cyber- Security with
According to various studies in the last four years, attacks to steal information from companies have increased 46%, and in Mexico 60% of companies have problems due to internal information leaks. With these figures, without a doubt, one of the main concerns of owners, investors, directors and employees of companies is to take the appropriate computer security measures to protect business data.
Here is a list of the best computer security practices that every company should follow:
· Employee awareness and training. One of the main risks for companies' information is the careless practices of their workers when using the Internet. These practices include opening emails with malicious programs, use of free WiFi that can compromise the transfer of information and even the loss of storage devices, smartphones or tablets that contain relevant information or company passwords. For this reason, it is important to sensitize and train them on good practices in the use of the Internet and devices.
· Make reliable backup copies of all relevant information. The information of companies can not only be threatened by theft or malware, but also by events such as floods or fires, in either case it is advisable to have backup and a recovery plan. These backups can be done on external devices, from hard drives to specialized servers.
· Have your own server. It is recommended if more than five computers are used in the company, as it reduces the risk of file loss.
· Installation of antivirus and antispam. Depending on the size of the company, there are different products on the market that are adapted to the needs and budget of each one. These serve to prevent malware that can delete or damage files, phishing or theft of access codes, among others. Its installation is recommended on all computers that contain or send information.
· Encrypt information. It is quite common for smartphones or tablets to be lost or stolen and, so that the information they contain is not accessed, it is important that it is encrypted.
· Set strong passwords and change them regularly. The passwords to access computers, emails or files must be strong passwords, that is, they must be difficult to decrypt. The use of common names, relevant dates or birthdays should be avoided, preferably they should be alphanumeric and be changed periodically.
· Risk analysis and creation of contingency plan. Before any emergency happens, it is best to carry out a risk and vulnerability analysis, know the strengths and weaknesses of the equipment, the internal network, the servers, the Internet connections, etc. Knowing the risks and weaknesses, it is easier to make decisions regarding the security measures to be implemented and the protocols to follow in the event that company information is compromised.
· Protecting the information of a business means protecting the operation of the business. Its protection also allows you to avoid or reduce financial losses that can take years to recover, or the damage can be so serious that it causes your total disappearance.
Every day we like to buy online more. Probably these days many of us make an online purchase. Taking advantage of the discounts we will sit down with our good morning coffee and just when we enter our favorite e-commerce boom! we find that it is blocked: it does not open, it cannot be bought, the prices do not keep any logic. What happened? They have probably hacked the online store where we wanted to make our purchases. Precisely today? It is no coincidence, cyber criminals know the importance of these dates, and they take advantage of it to carry out their threats more effectively.
This situation, which could be experienced by all companies that sell online, is also applicable to other companies, since they may find themselves blocked without knowing what to produce, where to invoice or where to send orders.
The Internet security worries me how can I protect my company?
From O ller Brokers we would like to recommend a series of good practices that should help reduce the chances of impact of an attack and increase the security of your company on the Internet. IMPORTANT, the involvement in this belongs to ALL team members.
We rely on 3 basic aspects:
1. Organization and Team: the human factor is decisive in the majority of claims and that is why the entire staff, including external parties, must be trained in good practices to guarantee Internet security. These should be:
· Strong passwords, of at least 8 characters combining uppercase, lowercase, numbers and symbols.
· Do not leave passwords in sight written in a post it on the screen; that happens more than we think.
· Keep antivirus and programs updated.
· Do not open unknown attachments.
· Caution when using USB and other storage devices.
· Be wary of emails that suggest a change in a provider's current account, or requests for transfers from our General or Financial Director. Do a double check with a phone call.
· Avoid connecting to public wireless networks with work devices. If you ever transmit confidential information, or do it via vpn.
2. Technology: luckily we have a range of tools that help us to be less vulnerable:
· Antivirus and firewall.
· Filtering tools.
· Analysis of downloads and other suspicious actions.
· Use an information encryption tool to exchange confidential information with customers or suppliers.
· Use a secure erase application when disposing of old computers.
3. Recovery capacity: it is essential to strengthen it to return to full rhythm in the shortest possible time:
· Daily and independent backups.
· Periodically check the proper functioning of these backup copies.
· Continuity plan including a crisis management procedure.
In this last point, the insurance sector can help increase the resilience of the company. Basically the sector has responded to the current threat with a cyber risk insurance that includes a fantastic crisis management system in which by contacting a 24 × 7 line, a team of experts (computer forensics, legal team, communication and PR, etc) that together with your IT staff will resolve the situation in the shortest possible time to return to the scene immediately before the attack. Read our latest post on cyber insurance to find out what they are and what they cover.
No comments:
Post a Comment