The success of any digital transformation initiative in the business environment is intrinsically linked to another factor: cybersecurity for businesses.
However, many organizations compromise their online security on a daily basis, not only because of lagging technology but also as a consequence of the daily activities carried out by employees. There is no doubt that a lack of knowledge and/or internal training in the field of cybersecurity can become a weakness and even represent a threat, since it leaves the organization more vulnerable to cyberattacks.
The digitization and digital transformation of SMEs and large companies constitutes one of the four main axes of the Recovery Plan launched by the Spanish Government, which has the support of the EU through Next Generation funds. This axis is complemented by other related actions, such as the digitization of public administrations, the acquisition of digital skills, connectivity, the deployment of 5G and the integration of AI in the current economic context.
In this guide, we offer 11 simple tips to explain everything you need to know in terms of cybersecurity for businesses to keep your company safe from cyberattacks on the network.
Cybersecurity guide for businesses: 11 tips to avoid compromising your security
According to the Global Cybersecurity Index 2020 prepared by the International Telecommunication Union (ITU), the USA and the UK rank first and second worldwide in cybersecurity.
This report takes into account 25 indicators and 5 thematic blocks derived from different surveys conducted with cybersecurity experts, institutions, collaborators and different stakeholders from each of the countries participating in the study.
Based on this data, we have compiled this brief Cybersecurity Guide for companies, offering 11 tips that you should take into account to avoid cyberattacks and not compromise the online security of your business.
1. Keep software updated
The operating system (OS), the antivirus and every program installed on the devices used for daily professional activity (desktops, laptops, tablets or smartphones) must be kept updated.
Hackers always look for any type of vulnerability in systems when carrying out a cyberattack. For this reason, companies must make their employees aware of the importance of keeping the software updated on all the equipment they use during their working day. This avoids potential vulnerabilities that could compromise the company’s sensitive information, such as customer data and financial information.
2. Always log out
This advice is usually one of the least practiced by employees in companies. However, not putting it into practice can entail very serious consequences related to the theft of sensitive or confidential information by third parties.
Therefore, whenever you log in on any device, it is recommended to log out when you finish using the account.
3. Browse safely through websites with HTTPS protocol
The HTTPS protocol is a security system designed to improve user privacy while browsing the Internet. This protocol allows encryption of all the information that is sent and received between the navigation device used, for example, a computer, and the destination web page that is accessed.
To check if the website is secure, simply look at the address bar for a padlock icon just before the letters ‘https’. This is a very simple way to protect the data stored on any device used to access the network and to avoid leaks.
4. Make backups following the 3-2-1 Rule
If you have never heard of or read about the 3-2-1 rule on backups, we advise you to pay close attention to this advice from the Cybersecurity Guide for companies, since, in the event of a potential cyberattack, you can avoid losing all your valuable information linked to your business.
According to this rule, three backup copies must be made of all the sensitive data that a company wants to back up, on a daily basis if possible. The copies must be kept on two different media, such as the cloud, a local disk or a network disk, among others. Lastly, it is advisable that one of the devices on which the information is stored is in a safe place outside the company. This will ensure the company has an effective backup system to protect and recover all its information after any type of cyberattack.
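The rule above can be checked automatically against a backup inventory. The following is an added example, not part of the original guide: the `BackupCopy` record, the `check_321` function and the sample inventory are all hypothetical, and the one-day freshness limit is an assumption taken from "on a daily basis if possible".

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class BackupCopy:
    dataset: str        # what is being protected, e.g. "customers-db"
    medium: str         # "local_disk", "network_disk", "cloud", ...
    offsite: bool       # True if stored outside the company premises
    taken_at: datetime  # when this copy was made


def check_321(copies, now, max_age=timedelta(days=1)):
    """Return {dataset: [problems]}; an empty list means the rule is met."""
    by_dataset = defaultdict(list)
    for c in copies:
        by_dataset[c.dataset].append(c)

    report = {}
    for dataset, items in by_dataset.items():
        # Stale copies do not count: the rule asks for daily backups.
        fresh = [c for c in items if now - c.taken_at <= max_age]
        problems = []
        if len(fresh) < 3:
            problems.append(f"only {len(fresh)} fresh copies, need 3")
        if len({c.medium for c in fresh}) < 2:
            problems.append("fewer than 2 different media")
        if not any(c.offsite for c in fresh):
            problems.append("no copy stored off-site")
        report[dataset] = problems
    return report


# Constructed sample inventory (not real data).
NOW = datetime(2021, 6, 1, 8, 0)
INVENTORY = [
    BackupCopy("customers-db", "local_disk", False, NOW - timedelta(hours=6)),
    BackupCopy("customers-db", "network_disk", False, NOW - timedelta(hours=6)),
    BackupCopy("customers-db", "cloud", True, NOW - timedelta(hours=5)),
    BackupCopy("finance-share", "local_disk", False, NOW - timedelta(hours=6)),
    BackupCopy("finance-share", "local_disk", False, NOW - timedelta(hours=6)),
    BackupCopy("finance-share", "cloud", True, NOW - timedelta(days=9)),
]

if __name__ == "__main__":
    for dataset, problems in check_321(INVENTORY, NOW).items():
        print(dataset, "OK" if not problems else "; ".join(problems))
```

In the sample, the off-site copy of `finance-share` is nine days old, so that dataset fails all three conditions even though three copies exist on paper.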
5. Beware of email
One of the main gateways for cyberattacks is email. Today, almost all companies use an email client, such as Microsoft Outlook and Mozilla Thunderbird, as opposed to webmail services, such as Gmail, intended for personal use.
However, regardless of the corporate communication tool used, it is vital to make employees aware of the dangers of email misuse. In this sense, it is recommended that the company has a policy for the safe and appropriate use of email that guarantees its protection and avoids so-called spam emails and phishing.
Spam (junk mail) and phishing scams are two of the mechanisms that cybercriminals use to obtain sensitive data, such as passwords and bank details. The following is recommended:
- Do not open emails from unknown senders.
- Add junk mail to your spam list and then proceed with its removal.
- Look for any suspicious element in the content of the email.
- Inspect the links before opening them.
- Activate antispam filters.
- Use strong passwords to access email.
- Use blind copy when sending the same email to several recipients.
6. Use strong passwords
For now, passwords, together with other innovative biometric security systems such as fingerprint or facial recognition, represent the main authentication methods for accessing the different devices and services used every day in increasingly digitized business environments.
However, the misuse and mismanagement of passwords by employees can become a source of vulnerabilities for companies. Writing them down on paper, reusing them for different programs and sharing them by email are some of the most common bad practices attributable to the human factor in companies.
Tips for creating a strong password include:
- Use more than 8 characters.
- Use uppercase, lowercase, numbers and special characters.
- Do not use personal items (name, surname, date of birth …).
- Eliminate the use of vowels or replace them with numbers.
- Do not use a single word, to avoid a ‘dictionary attack’.
- It is recommended to use a string of unrelated words.
- Change your password at least every 6 months.
In any case, and as part of our Cybersecurity Guide for companies, we recommend using various authentication methods, an aspect that we will see in the next section.
7. Use multiple authentication methods
In addition to the use of strong passwords, it is recommended to use other authentication systems, such as sending an OTP (One Time Password) via SMS, app or voice, among others.
In this way, it is guaranteed that the user knows the password to access the service and that, in addition, he is who he claims to be, since he provides a code that only he has.
The use of double or multi-factor authentication represents an important security mechanism for companies and its implementation can greatly reduce the risks derived from any possible cyberattack.
8. Give internal training on cybersecurity
Companies must educate all their employees, regardless of their level of responsibility, about the importance of adopting safe work habits that minimize the possible consequences of a cyberattack and that do not compromise the security of the company.
Internal training in cybersecurity for business is not a trivial matter. Currently, this area is one of the main causes of concern for companies around the world and in any sector, since a cyberattack can seriously damage their reputation, security and profitability.
According to information published by the specialized cybercrime magazine Cybersecurity Ventures, it is estimated that during the year 2021 the costs related to cybercrime in the world will exceed five billion euros.
9. Make the cybersecurity department more prominent
The current digital ecosystem that surrounds companies, and the risks that it implies, has given greater prominence to the professionals in charge of managing cybersecurity in companies.
However, there is still a long way to go in this regard. According to data published by the National Institute of Cybersecurity (INCIBE) through INCIBE-CERT (Security Incident Response Center), more than 133,155 cybersecurity incidents were managed during 2020, of which 106,466 refer to citizens and companies, 1,190 to strategic operators and 25,499 to the Spanish Academic and Research Network (RedIRIS). Of the total number of cybersecurity incidents, 35.22% corresponded to malware and 32.02% to any type of fraud, followed by vulnerable systems, with 17.39%.
With these figures, and given the increase in companies that decide to bet on digital transformation through formulas such as telework, it is essential that companies increase their cybersecurity budgets and that the departments directly involved, such as the IT, Systems or Solutions Department, take on a greater role in strategic decision-making.
10. Secure corporate social networks
Properly managing the company’s social networks is a fundamental requirement to guarantee cybersecurity and prevent possible leaks of corporate information.
Therefore, a series of recommendations should be taken into account: updating passwords periodically, creating an email account for procedures related to social networks, not providing confidential company information, and having a community manager who will take care of managing all the social profiles of the company in a professional and secure way.
11. Stay up to date on cybersecurity
In Spain, INCIBE, formerly known as the National Institute of Communication Technologies, is the reference entity in matters of national cybersecurity. This body, which depends on the Ministry of Economic Affairs and Digital Transformation through the Secretary of State for Digitization and Artificial Intelligence, aims to generate digital trust among citizens, professionals and companies, as well as to serve as a knowledge center, especially for strategic sectors.
Through its ‘security notices’ section, you can keep up to date every day with all the news related to cases of phishing, social engineering, ransomware, etc., that may affect your company.