Cybersecurity has been this 2020 more relevant than ever. The evolution of teleworking and the increase in third-party access to internal company networks, as well as the proliferation of cyberattacks, means that company executives and employees must be continually updated in terms of security tools and policies in the network .
According to the latest international study by Forrester for Hiscox, losses related to cyberattacks increased six-fold in 2019, from an average cost of € 9,000 to € 51,200 per company. However, firms are responding with stricter security measures and increased spending on cybersecurity (+ 39% in 2019).
To avoid the risks of a cyberattack, which can cause financial and reputational damage for the company that suffers them, it is important that companies increase their efforts to educate their staff. And that happens by making clear some points to follow.
The security of the company begins by implementing a cybersecurity plan against threats from abroad, with tools that define the security perimeter.
Firewalls are a common option, “however the main handicap of companies today is something as basic as the correct management of passwords, essential in order to block access to those who do not have the key, but which, continues today in today the main gateway for cybercriminals, ”explains Xavier Lefaucheux, head of sales and marketing at the cybersecurity company Wallix .
To be fully effective, password policies must enforce minimum complexity requirements . This happens because they are intelligible and that the user uses symbols and capital letters in their creation. Also, changes must be made from time to time.
And it is that security in remote access is increasingly critical as external service providers and teleworking increase.
Keeping systems up-to-date is not only essential for the security of a company to be robust, it is also something in which all users must be committed. And is that, when a new version is received for download, whether it is an operating system or an application, inside it usually has solutions for open breaches through which a cybercriminal could carry out an attack. Therefore, it is essential to keep everything updated.
Attackers are clear about what they want by using a ” ransomware ” type of virus , which is one of the main threats a company faces online. The goal is to get valuable information to ask for a ransom. But how does the virus access the data?
One of the main entry routes for the attack is through the use of “phishing” techniques. In other words, impersonating third parties to deceive any of the members of the company under attack, either through an email or some other type of communication, and get the malicious code to be downloaded.
It is essential that the members of a company have the necessary knowledge in cybersecurity to be able to locate these types of threats. One of the keys is to systematically mistrust all emails that are suspicious.
Many types of this virus destroy copies secu rity that are on the devices or the system they have infected. To avoid even more serious consequences, it is vital that companies have remote “backups” that no one can access.
«Ransomware is one of the biggest enemies I have ever had in my life. I have been facing him since 2012. His evolution has been brutal. The former allowed to recover deleted files and information from Windows restore points. As of today they are very well designed.
They are much more effective and sophisticated. My recommendation is to prevent, but many security tools can be saved by cybercriminals, so it is important to have backup copies. And for this, you have to have a good back up system.
The only effective solution is that, in addition, it is “ransomware” proof, in particular, “Lorenzo Martínez, technical director of Securízame , recently explained to ABC .
To ensure the effectiveness of the company’s cybersecurity strategy, it must be implemented from a ” Security by design ” approach, which guarantees the control of security in an integrated way throughout the process, and not through external processes, as well as take into account the longevity of the technology itself and of the solutions that will be applied to the company’s infrastructure.
“It is important to have a sustainable plan and to emphasize long-term and adaptable security in view of future threats and as yet unknown regulations. It is a preventive and proactive approach ”, points out Xavier Lefaucheux.