12 Jun Improve your cyber “defense” in-house
Cyber education for the prevention of cyber threats is one of the pending subjects of SMEs. 43% of breach victims were small and medium businesses. More and more news about cyberattacks on companies is appearing in the media. Cybercriminals adapt to changing times and can attack in multiple ways, so keeping the importance of cybersecurity in mind is essential. Among those many ways, there are 7 common ones:
- Weak and Stolen Credentials, a.k.a. Passwords
- Back Doors, Application Vulnerabilities
- Social Engineering
- Too Many Permissions
- Insider Threats
- Improper Configuration and User Error
Following this, we present some steps that must be taken into account when designing a cyber risk prevention plan for a company. The three main aspects to pay attention to are staff, devices, and information management. Each of these must be worked on so that the company is as protected as possible from any type of attack that could harm or end its activity.
It is essential to keep employees informed and educate them on the culture of cybersecurity. Human mistakes can produce gaps, leaving the company unprotected. The same happens when there is a new staff member. It is very important to remind each employee of the regulations at least once a year.
To do this, it is necessary to establish a series of prevention policies that workers must follow. 34% of data breaches involved internal actors. That shows why policies must cover job security, use of software and devices, regulations for teleworking, use of email and passwords, and storage of information. Everything should be done following a protocol that has been explained beforehand. There should be no room for improvisation.
Devices and networks
Regarding the devices used to carry out the activity (which, in general, will be computers), the access and permissions of each user must be controlled by means of unique and non-transferable passwords, which must be renewed from time to time (every 60 or 90 days). It is also recommended to have physical security. Cybersecurity systems, like everything else, have limitations and cannot prevent everything, which is why physical security is important: it improves the overall security of the company against events that cybersecurity cannot prevent.
All the software used must be within the law and up-to-date. Furthermore, except for cybersecurity personnel, permissions must not be granted to install or modify the installation of applications on work devices.
Networks are another route through which cyberattacks could penetrate the company, so it is important to protect them. A company’s network cannot be public; it must have passwords and firewalls to limit access. It is also recommended to clear the cache of cookies from time to time.
50% of large enterprises (with over 10,000 employees) are spending $1 million or more annually on security, with 43% spending $250,00.
Backups should be part of the daily routine of a company’s activity. This simple action can help the business continue its activity in the event of a cyber attack. The most recommended approach is to perform them on external devices that are later stored safely, but it is also possible to perform backups in the cloud, for which it is necessary to study the reliability of the provider of this service. Security breaches have increased by 11% since 2018 and 67% since 2014 (Ponemon Institute), which shows the importance of including backups as a priority.
An aspect that should not be neglected is the correct management of email. 92% of malware is delivered by email (CSO Online). Installing control programs and filters to limit the arrival of spam is a good practice to keep in mind, in addition to training and educating staff about the dangers that opening a malicious email can entail.
Finally, the most important factor in a good cyber defense for a business is communication among the personnel. Cybersecurity knowledge must be passed on to the entire team through training on prevention and risks. The greater the information shared, the greater the awareness and computer security of a company.