Good cybersecurity practices in companies
February 7, 2020 by Juan Camilo Ruiz
As companies and people become more connected to one another, it is very common to share information such as personal data, photographs, account numbers and bank codes, databases, etc. At the same time, we are more exposed to cyberattacks that seek to steal, block or hijack our information.
Cybersecurity therefore grows more important all the time: it is essential that companies, big or small, as well as individuals, know the risks they are exposed to and establish their own protection strategies.
What is cybersecurity?
According to the Information Systems Audit and Control Association (ISACA), a reference in this field, cybersecurity is defined as “a layer of protection for the information files. From this, you work in order to avoid all kinds of threats which put at risk the information that is processed, transported and stored in any device”.
Thus, cybersecurity is continuous work to guarantee the prevention and protection of information systems, given that exposure to attacks is constant. The training of employees and users must be just as constant, so that they can avoid attacks and know how to respond to them.
Some common attacks include:
- DDoS or denial of service: it seeks to overwhelm the servers behind banks' websites and block users' access. This attack can have multiple motives, such as demanding a ransom in exchange for getting the website working again, or damaging or discrediting a company.
- Ransomware: this attack is increasingly common. It consists of blocking access to personal files or to databases that are important to companies. The attack, which can arrive through a spam email or malicious advertising, aims to demand a ransom in exchange for the information; otherwise there is a risk of it being entirely deleted.
- Trojan: in its banking variant, this virus seeks to install itself on the user's cellphone in order to gain access to personal and financial data.
Cybersecurity in companies
In recent years, companies worldwide have suffered many cyberattacks that affected their stability and credibility, which has also driven interest in building increasingly stable security systems.
Companies handle high volumes of information: names, addresses, emails, security codes, payment information, personal files, etc. Damage to this information can be severe, but losing it to a cyberattack or into the hands of a hacker can be devastating.
Because all the information a company handles must be available to its different areas, it is exposed to diverse hazards every time it moves. That is why every entity must have a clear security policy that oversees the processes and the personnel who have access to the gathered information, so that they don't misuse it. Furthermore, some good practices are recommended:
- Antivirus: it is the first line of defense against a cyberattack and is necessary for every company. As malware is constantly evolving, constant updates must be guaranteed.
- Fight threats that arrive through email: it is important to train personnel so they don't open or download suspicious files that may contain a virus.
- Permissions management: not all information needs to be available to all personnel, which is why managing permissions and passwords among a company's employees needs to be a top business priority.
- Encrypted files: you must have at least minimal security measures in place, especially when using a cloud service to store information.
- Avoid external devices: USB connections between different devices, internal or external to the company, are very common. Therefore, it is recommended to share files through the cloud instead.
- Keep an incident report: this way there is a clearer path to follow when facing an attack.
It is important for every company to recognize early the risks to which it is exposed, in order to establish policies for preventing and detecting possible anomalies. That way it can implement the necessary controls to fight attacks, have a response plan for possible attacks, and guarantee that the plan is constantly updated.