With the exponential increase in companies and users connected to the internet, the risks associated with the vulnerability of systems and data also increase, which is why maintaining good internet security practices is important for companies.
According to the Data Breach Investigations Report 2020, this year 86% of cyber attacks were financially motivated. This motive is more common when the targets are companies, since they have greater financial resources than ordinary internet users.
There is no doubt that the internet has become a powerful tool to facilitate processes in companies. However, it is necessary to remember that the internet is not a completely safe medium whenever you use it in the corporate environment.
Furthermore, the gateway for hackers is usually users. Habits, lack of knowledge, or disregard for fundamental security standards and systems make many companies easy targets for digital criminals.
To help companies, we have listed 10 good internet security practices for companies and professionals, making it easier to implement basic protection systems and avoid any type of cyber attack as much as possible.
1 – Conduct internet security training with the team
The company must make its employees aware of safe behavior on the internet. Employee guidance is essential for information security in companies. As we said previously, users are the main gateway to internet security problems, clicking on fake emails, downloading malicious files, or even clicking on fake ads on social media.
Below, I have listed some examples of topics for training staff to stay safe on the internet:
- What are the most common cyber attacks
- How to identify if a link is fake
- How to identify a fake email
- How to spot a fake ad
- Websites considered harmful
- How to avoid downloading malicious files
- Dangers of pirated software
- Importance of system and software updates
In addition to these, there are many other topics to be covered so that employees have more knowledge regarding the company's internet security. As a manager or IT professional, you must carry out internet security training with your team, in order to raise awareness and show the dangers hidden on the internet, thus reducing the company's chances of having problems in the future.
2 – Define rules and a policy for correct use of the company’s internet
Creating guidelines for the use of technology is very important in the corporate environment. Employees need rules regarding the use of the internet, installing programs on computers, and using smartphones and personal equipment. This policy must define all the rules and the punishments in case of non-compliance with what was established.
The rules that make up the company's policy must be widely publicized and employees must be aware of what they can or cannot do and the punishments established.
To make life easier for managers and IT professionals, we created a document template for the internet use policy in companies. The template aims to inform employees about the internet use policy in the company's work environment and to prove the professional's awareness of the rules for using the internet, aiming for the appropriate use of technology resources. It's free and you can download it whenever you want.
3 – Use secure passwords
It seems obvious, but even today the password is the most important form of authentication for accessing information and computing resources. Increasingly faster computers make it possible to quickly crack a password that a few years ago would have been impossible to crack. Therefore, it is currently necessary to use longer passwords to increase internet security.
To understand the complexity of the topic, the National Cyber Security Centre (NCSC), a government body in the United Kingdom, released a survey of the most used passwords in the world. As a (scary) result, the most common password in the world is “123456”, used to access 23.2 million accounts and online services around the world. The second most chosen password by users globally is a slightly longer variation of the same idea: 7.7 million accounts can be accessed with the password “123456789”.
Therefore, under no circumstances use standard or easily guessable passwords.
When creating your password, try to use the following tips:
- passwords with a minimum length of 8 characters (preferably 12 or more);
- that combine uppercase, lowercase, numbers and symbols; and
- that do not contain obvious information or simple sequences.
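The tips above can be checked automatically when a password is created. The following is an added example, not part of the original article: the function names, the 4-character sequence threshold, the keyboard-row check and the extra entries in the common-password list are assumptions made for illustration.

```python
import re

# The first two entries are the passwords the article cites; the rest are
# constructed additions for illustration.
COMMON = {"123456", "123456789", "password", "qwerty", "111111"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
CLASSES = {"lowercase": r"[a-z]", "uppercase": r"[A-Z]",
           "number": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}


def has_simple_sequence(pw, run=4):
    """True if pw holds `run` characters that ascend, descend, repeat,
    or follow a keyboard row (e.g. 1234, dcba, aaaa, qwer)."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({1}, {-1}, {0}):
            return True
        if any(chunk in row or chunk[::-1] in row for row in KEYBOARD_ROWS):
            return True
    return False


def check_password(pw, obvious=(), min_length=8):
    """Return the list of rules pw breaks; an empty list means it passes.
    `obvious` holds words tied to the user (name, company, login)."""
    problems = []
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, pw):
            problems.append(f"missing {name}")
    if pw.lower() in COMMON:
        problems.append("common password")
    if any(len(w) >= 3 and w.lower() in pw.lower() for w in obvious):
        problems.append("contains obvious information")
    if has_simple_sequence(pw):
        problems.append("simple sequence")
    return problems


if __name__ == "__main__":
    for sample in ("123456", "Qwerty!2Zk#Lp", "Tr4vel!Mango#92"):
        print(sample, "->", check_password(sample, min_length=12) or "ok")
```

Passing `min_length=12` enforces the preferred length instead of the 8-character minimum.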
To help businesses create secure passwords, we've created a comprehensive guide to creating and managing secure user accounts and passwords. The material has several tips and tools for creating and managing passwords in companies and is free.
4 – Have a good antivirus on all devices
Another item that seems obvious. But, incredible as it may seem, many professionals in companies don't worry about having this security device active on their computers. Just “owning” it, without it being correctly configured, active, with a preferably paid license and consistent with the type of protection needed for that device, is of no use.
Especially on computers and servers with a Windows operating system, it is essential to use good antivirus software, updated and configured to perform periodic scans.
Currently, antivirus cannot be left aside or replaced by other solutions, being essential for internet security.
In the company, you must opt for a paid license and not use pirated software or continue with trial versions. It is important that your antivirus or antimalware is always up to date and activated to offer protection. An outdated antivirus, or one with real-time protection disabled, would lose its efficiency and leave computers more vulnerable.
5 – Keep equipment, systems and software up to date
As mentioned above with the use of antivirus, other systems and software must always be up to date. In the same way, you must think about other software and operating systems, as well as equipment and devices.
Equipment and systems undergo continuous technological evolution and need to be replaced and updated periodically. Furthermore, you must take into account aspects of quality and performance compatible with the company's use, so that they work in a way that perfectly meets needs, without overloads, failures or defects due to inappropriate use.
Companies that produce software are continually making corrections to their programs to correct defects, improve performance and add functionality. These fixes also include solutions against vulnerabilities and security improvements in software packages.
It is increasingly important to keep the operating system and other software packages with automatic updates activated, at least for those related to information security.
6 – Avoid using pirated software
Pirated software is one of the gateways a hacker uses to reach the company's internet and devices. It is also quite common: after all, it is tempting to find software that can help with the company's processes and is available “free of charge”.
However, pirated programs bring several data security problems with them, because they are modified versions of the original, from which mainly the security and authenticity verification features have been removed.
Therefore, avoid using pirated software in your company if you are concerned about the security of your company's data. It is important to remember that employees can download and install without permission, hence the importance of employee education, mentioned above.
7 – Back up company data
It can never be stressed enough how important it is to have a reliable backup, from which important data can be recovered after any incident.
Backup systems make it possible to recover important data in the event of any accident, in this case, a cyber attack.
In some types of attack, such as ransomware, which locks data until a ransom is paid, the main way to solve the problem is to restore company data from a backup copy.
The backup strategy must be implemented in such a way that there is a backup copy maintained in a location disconnected from the original location of the data. If the backup copy is made on an additional disk constantly connected to the server or network where the original data is located, in the specific case of ransomware, it is possible that the backup files will also be blocked at the time of the attack, making the backup useless. It is important to have a backup copy in a separate location from the original location where the data is stored.
Backup is essential for the security of company information.
8 – Protect remote access
Accessing company data remotely carries several dangers. When the access is not encrypted, it can be tracked by hackers and opens the way for various attacks.
With the arrival of the pandemic, it became common for many companies to adopt home office work, accessing company data and systems remotely. But anyone who thinks that these accesses are protected, using simple and common remote access tools, is mistaken. Without the use of specific secure remote access tools, such as a Business VPN, for example, data traveling over this remote connection is completely unprotected and at the mercy of digital criminals.
The acronym “VPN” stands for Virtual Private Network. It is a network technology that uses the internet to connect a group of computers and maintain the security of the data that travels between them.
Look for specific remote access security tools, such as VPN, and protect your company and employees when accessing remotely.
9 – Control internet access
It is recommended to use tools that prevent access to harmful content, such as suspicious websites that often contain viruses or malware. It is common for employees to receive fake emails with links that direct them to scam websites. Furthermore, attempts to access adult content and games can often end with a virus installation.
In most incidents or security breaches, the gateway to attacks or virus installation is users who are unable to identify possible risks and end up clicking on fake links in emails, social media ads and malicious websites.
Through this type of control, it is possible to define, for example, which groups of users will have access to which types of websites, thus avoiding the use of websites inappropriate to the scope of the work and also access to addresses with harmful content.
Using this tool, the manager protects the network against websites used in phishing attacks, the spread of malware and ransomware.
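The group-based control described above comes down to a small decision: find the site's category, then check whether the user's group may reach it. The following is an added example, not part of the original article and not the behaviour of any specific product; the domains, categories, group names and the rule that uncategorized sites are blocked are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample data: domain -> category.
CATEGORIES = {
    "bank.example": "finance",
    "social.example": "social-media",
    "games.example": "games",
    "phish.example": "phishing",
    "warez.example": "malware",
}
# Harmful categories are blocked for every group, whatever the group allows.
ALWAYS_BLOCKED = {"phishing", "malware"}
# Constructed sample data: group -> categories its members may reach.
GROUP_ALLOW = {
    "finance-team": {"finance"},
    "marketing": {"social-media"},
}


def categorize(host):
    """Match the host or any parent domain on label boundaries, so that
    login.bank.example is 'finance' but notbank.example is not."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        category = CATEGORIES.get(".".join(labels[i:]))
        if category:
            return category
    return "uncategorized"


def decide(group, url):
    """Return (action, category) for a member of `group` requesting `url`."""
    # urlsplit takes the host from AFTER any '@', which is the host the
    # browser really contacts in links like https://bank.example@phish.example/
    host = urlsplit(url).hostname or ""
    category = categorize(host)
    if category in ALWAYS_BLOCKED:
        return ("block", category)
    if category in GROUP_ALLOW.get(group, set()):
        return ("allow", category)
    return ("block", category)  # assumption: anything not allowed is blocked


if __name__ == "__main__":
    for group, url in [("finance-team", "https://login.bank.example/acct"),
                       ("finance-team", "https://social.example/feed"),
                       ("marketing", "https://bank.example@phish.example/login")]:
        print(group, url, "->", decide(group, url))
```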
10 – Use a good Firewall system
A firewall is a security device that controls the flow of data on a network. With it, you can filter traffic, configuring what should pass through and what should be discarded.
When correctly configured on a computer network, the firewall works as an additional layer of protection against external attacks and increases the company's security on the internet, including its information, equipment and systems.
Typically, the firewall is one of the main defenses at the perimeter of a private network, being an essential component in protecting against unwanted traffic and intrusion attempts.
Check if you have an active and well-configured firewall that is protecting and recording connections between the internet and equipment on your local network.
Final tip
Carrying out a complete analysis of the company's internet security scenario is important to identify which points deserve special and more urgent attention.
To this end, there are several tools that carry out internet security tests, as well as professionals and companies specializing in the subject.
Once the company's entire network has been mapped, set priorities and remember that users are, in the vast majority of cases, responsible for opening doors and creating security breaches on the company's internet.
See the employee's role in the company's internet security in the Internet Security Guide for Companies.
I hope that in some way this text has helped you identify good internet security practices in your company.
Until later!