No player, no matter how good he is, is autonomous enough to win a game alone. Each player has a specific role and the teamwork is what allows for really reaching the success; that’s why I’m introducing below the players that will help you achieve the goals of cybersecurity for companies:
1. Regular updates to eliminate vulnerabilities. Most of malware deployments are due to weaknesses in the applications we usually use, where sometimes the updates are not taken into due account, which represents a risk for the security of the companies.
2. Remove unnecessary software. There are users who install some software on their computers for a specific purpose and after a while they stop using them. Unused applications may become a risk, since they allow external attackers for using exploits laid to those common applications with reported vulnerabilities, that are easily exploitable.
3. Safe passwords. Sometimes the digital transformation can be a bit overwhelming because it takes you to handle more than 10 passwords to access several applications. The best practice will always be to use uppercase, lowercase, numbers and a minimum of 8 characters which cannot be deciphered easily. We recommend you the use of words or phrases you can remember.
4. Do not click on everything you see. One of the most important risk vectors in information attacks is the e-mail. Protecting e-mail is one of the most important strategies to contain a threat. This is very important in the practice of cyber network security.
5. Use more than one factor authentication. It is advisable to use additional factors authentication to a username and password for critical mission applications within corporate environments (token, biometrics, among others), with the purpose of identifying, by an additional parameter, the user who wants to use them.
6. Safe connections. Sometimes with the purpose of accessing the Internet through a wired or wireless network, an attacker may be located between the user’s final device and the remote service we want consult, in a type of attack called man-in-the-middle, where the information flow is intercepted by an intermediate team whose function is to capture relevant data to infringe, such as passwords, credit cards, addresses, names, etc. The use of encrypted protocols for accessing web pages via HTTPS, or remote connections from unsafe environments to corporate environments through VPNs (SSL, IPSEC), or the simple fact of having a remote connection and exchanging information using SSH or SFTP, play a very important role for the exchange of data between users and servers.
7. Use a firewall to access the internet. The business IT security device by excellence, which constitutes the best defense against an internal or external intrusion of client’s perimeters, is a firewall; a tool which allows for controlling not only the flow of information going to or coming from an uncontrolled environment, but is also capable to look beyond the services.
8. Do backups. Beyond a cybernetic incident, the data could be compromised by something as unpredictable as a failure of the storage equipment. A backup is an example of a corrective measure which represents a practice that can save the life not only of an IT administrator but also of an end user.
9. Use security software on end user computers. It is a very efficient practice to use software able to detect malwares, because this type of tools base their analysis on a series of behaviors of the files inside the equipment, establishing whether or not, in case of copying, moving, or executing a file, actions not in compliance with the expected operation of the same and which are contained quickly and accurately, are carried out.
10. Protection of smart devices. The lack of control and visibility of this type of device is a very high risk vector for the theft of information, that’s why using applications which protect them is vital.
11. The last player is you: The end user should be aware of the computer security tools and the constant exposure of the information handled. Being constantly alert helps avoid being a potential target for an attacker who is constantly looking for those weak points that we expose as a consequence of omitting recommendations and good practices that we must follow. After all, how safe we are largely depends on how we use the technology that’s available to us.