Various tools and benefits are used by companies, especially small and medium-sized ones, to increase their productivity and become more competitive in the market. But there is always a catch: along with all this technology and services available, there are security risks that the internet “offers”, which requires companies to take measures to protect their business and customer information, in addition to avoiding incidents and equipment and software maintenance costs.
Even with the arrival of LGPD , the General Data Protection Law, only 4% of small and medium-sized companies are already prepared to comply with the law . In addition to this, Brazilian companies pay 3 times more than the global average in ransomware attacks due to not having efficient protection systems and not having the correct awareness about internet security.
It is practically impossible to be completely protected from digital risks and attacks, but some measures can keep your company considerably protected and are not part of the statistics mentioned above.
Prevention is the key word. Protection goes through several levels, from simple guidance actions and practices for using technology for employees to investments in servers and robust corporate solutions.
In the next few lines, we list 11 practical prevention measures to keep your company protected from the risks of attacks and information security incidents.
Antivirus
Basic yes, but still very necessary. It is essential to use antivirus on all equipment, which can be free versions such as Avast and AVG or paid versions such as McAfee , Bitdefender or Kaspersky .
Some say that using antivirus is no longer necessary. However, several tests show that it is still important to use this protection tool on devices, especially on computers in business environments. In the video below, you can see some of these tests:
Furthermore, it is essential that the antivirus is always updated and configured in accordance with the company's security policy. An outdated antivirus loses much of its efficiency and leaves computers vulnerable to attacks.
Keep software up to date
Updates are not just for interface improvements, layout modernization or new features. Along with the package of changes, there are improvements in the security of all software, therefore, all software used on the company's computers and equipment must be up to date.
The operating system and browsers should pay more attention, as they are normally the most used.
Protect your Wi-Fi network
If your company has a Wi-Fi network available, it is important to protect access from strangers and intruders. To do this, use a strong password and a connection with data encryption. Also change the default settings of the router used by changing the password to access the router's settings panel.
An additional security configuration is to activate filters by MAC (Media Access Control), providing a list of addresses of devices that are authorized to connect to your network, this way it is possible to restrict access to other equipment that is not on this list. .
Establish a policy for the use of technology resources
Creating guidelines regarding the use of technology is very important in the corporate environment. Employees need to know the rules regarding using the internet, installing software on computers, using smartphones and personal equipment. In this policy it is necessary to define all the rules and punishments in case of non-compliance with what was established.
The rules that make up the company's policy must be widely publicized and employees must be aware of what they can and cannot do, in addition to the established punishments.
You can create a technology use policy document for companies , so that all employees are aware of the rules and can sign, proving their awareness and commitment to the established guidelines.
Training for employees
Most security problems have as their gateway failures in the behavior of professionals, who through carelessness and lack of attention provide important data or allow viruses and malware to be installed on computers.
Guiding employees on the precautions to be taken regarding the company's internet security is extremely important.
The vast majority of security problems can be avoided with attention and precaution on the part of professionals, therefore, training can be part of the company's onboarding process, for example, and be constantly reinforced and improved as hackers' attacks and strategies change. .
Back up all relevant business data
Define copying procedures for all your company's important data. For more relevant information, such as financial data or information about customers, products and services, it is recommended to make a daily backup, performed automatically. Additionally, keep copies secure and stored in at least two different locations.
As for computer data and other information, a weekly and properly stored copy guarantees the recovery of this data in the event of loss.
A good alternative is to use cloud services for storing files, such as Google Drive or Drop box . Services like these have automatic backup, in addition to offering expanded access to files from any location or device connected to the internet.
Limit physical access to computers
Do not allow intruders to have physical access to your internal computers or servers. Avoid leaving portable computers open to strangers and set passwords for all company computers and systems. This identification is important to track any activity carried out, both by strangers and employees themselves, who can often carry out improper operations that will cause inconvenience and even damage to the company.
Protect information from financial systems
This is an item that should receive extra attention from managers as this is where most internet attacks are directed. Maintain restricted access to the company's financial data and systems, such as bank passwords, allowing only trusted and trained people to operate this information.
Social engineering actions such as calls simulating financial institution contacts or fake emails that direct access to fake bank websites are common. In these cases, it is essential to always take maximum precautions.
Be strict when setting passwords
The use of weak passwords is another factor that greatly contributes to security breaches. According to a survey , in 2020 the most used password on the internet was “123456”. Alarming.
Make it a rule to define long passwords, which combine alphanumeric characters, upper and lower case letters, numbers and symbols. Also, do not store passwords in places that anyone can access.
To make this process easier, we have created a Guide for creating and managing secure accounts and passwords , which you can download for free.
Blocking access to harmful websites and controlling the internet
It is recommended to use tools that prevent access to harmful websites that can install viruses or malware. It is common for employees to receive spam messages with false links that direct to these sites, in addition to accessing certain types of content on sites, such as games, downloads or adult content.
Most attacks begin with access to a harmful or malicious website, after which the malware secretly installs a virus on the equipment and thus opens a door on the network for Ransomware attacks to occur, for example.
A good alternative solution for controlling internet access in small and medium-sized companies is the Lumiun Box , which filters browsing access to malicious websites and can protect your network from attacks with the integrated Firewall. Furthermore, the solution is easy to implement and manage and requires low investment compared to other solutions on the market.
Control access to programs and software installation
Employees must only have access to programs used to carry out their activities in the company. Do not grant access to all programs to all employees. Furthermore, it is necessary to restrict the installation of any application on the equipment, without authorization from the person responsible for the IT area.
In the absence of restrictions, it is common to install unknown programs, often pirated , which can leave computers vulnerable and create a gateway for viruses, attacks and security breaches.
As we have already mentioned, it is very difficult to keep your company 100% protected from risks on the internet, but certainly, by implementing these 11 security measures, it is possible to significantly increase protection in your company and avoid security problems. Additionally, you can delve deeper into the subject by following tips, articles and materials from the Internet Security Guide for Business .
Most of these tips only require involvement and dedication from managers and those responsible, without the need for a large investment, so start with simple actions and gradually advance to more complete solutions that will make your company increasingly protected.
Investing in information security solutions is fundamental, do not wait for an incident to occur to implement protection measures, as the losses caused by attacks and data loss are immeasurable, they can stop activities for days, lead to loss of confidential data and even In some cases, they even compromise the future of the business.
I hope at least one of these tips was useful to you.
Until later!
2 comments
Comments closed