Cyber attacks are always evolving and, today, they are one of the main reasons for concern for IT professionals responsible for companies' internet security. The concern is great, as many determining factors are not within his reach, or at least he thinks they are not. Lay, careless and untrained employees put company data at risk every day, becoming easy targets for cyber attacks.
To better understand the severity of the scenario, in the summary of cyber attacks in September 2020 published by the Trescon portal , cyber attacks aimed at the Vatican caused astonishment. If a religious organization is the target of a cyber attack, why wouldn't ordinary companies, with employees without technical knowledge and accessing whatever they want within the companies, also be a target?
Controlling them and keeping them away from the dangers of the internet is perhaps one of the biggest challenges for IT professionals in companies.
In this article, we list effective ways to keep employees away from problems on the internet, making the lives of IT professionals, and consequently managers and business owners, much easier.
How to keep employees away from cyber attacks?
Not everything is easy. Keeping 10, 20 or even 100 employees under control away from fake emails or malicious links is a task that deserves attention. But don't be alarmed, there are ways, which you'll see below, that can improve your sleep if company internet security is on your mind at night.
Take internet security training
It seems obvious, but alerting and training your employees to the dangers of the internet is essential.
Criminals try to exploit users' lack of knowledge and people's natural curiosity, sending fake messages via email, with popular subjects or posing as known and trustworthy people, inducing users to click on links contained in the content of the messages, that link to harmful websites. This technique is known as phishing.
In the article Hackers x Companies: What are the most common cyber attacks? you will find the main attacks on companies. This way, you can create simple and practical training, teaching your employees how to identify each attack.
Below, we have created a simple table that you can copy for your company. In it, you fill in the relevant information for each cyber attack, and distribute it to employees, facilitating understanding and improving the identification of the main attacks on companies on the internet.
In addition, real examples of cyber attacks help your employees understand the dangers of the internet more clearly. You can search the internet for some examples of Phishing attacks, as in the image below:
You can also hire a company specializing in internet security consultancy for companies, such as LSI Tec and All Easy , for example, identifying which points of protection should be improved and what measures should be taken to keep the company's data safe.
Remember, employees are, in the vast majority of cases, the gateway to company internet security problems. Therefore, pay attention to this, and always stay tuned for new forms of attack, persuasion trends and new techniques used by hackers.
Implement a safe internet use policy at work
Establishing behavioral guidelines for members of the organization, regarding the rules for using information technology resources, is one of the ways that reduces the likelihood of an employee falling for a scam on the company's internet, and perhaps at a lower cost.
These rules, listed in a document, signed and foreseen by the employee before making any use of company equipment, help employees without knowledge, unprepared, negligent and in some cases even malicious, to think several times before browsing websites or clicking. on suspicious links.
List actions that could compromise the company's internet security, make these actions clear to everyone, and make them sign the agreement, holding them responsible for data caused to the company in case of breaking such rules.
An example of an action that compromises security is the installation of pirated or dubious software, without supervision or authorization from the responsible sector. Pirated software carries various malware and dangers, especially for companies, and can cause not only damage to the device on which it was installed, but to the entire company network.
To help managers and IT professionals with this task, we have developed a Document Template on Internet Usage Policy in Companies , which you can download for free. This document aims to inform the employee about the Internet use policy in the company's work environment, proving the professional's awareness of the rules for using the Internet, aiming for the appropriate use of technology resources.
Don't leave everything to the employee
Just hoping that employees don't fall for internet scams is very dangerous. Moments of distraction, changes and new attacks, among other reasons, can cause an employee to fall prey to a cyber scam despite having training and guidance. Therefore, managers, business owners and IT professionals must use tools that keep employees as far away from a cyber attack as possible, protecting them from themselves.
Below, you will find 5 basic action tips most used to protect the company on the internet, and which also serve to keep employees away from cyber attacks.
1. Use strong and secure passwords
When creating your password, try to use the following tips:
- passwords with a minimum length of 8 characters (preferably 12 or more);
- that combine uppercase, lowercase, numbers and symbols;
- that do not contain obvious information or simple sequences.
2. Use a good antivirus and antimalware on all devices
In the company, you must opt for a paid license and not use pirated software or continue with trial versions. It is important that your antivirus or antimalware is always up to date and activated to offer protection. An outdated antivirus, or one with real-time protection disabled, would lose its efficiency and leave computers more vulnerable.
3. Keep equipment, systems and software always up to date
Companies that produce software are continually making corrections to their programs to correct defects, improve performance and add functionality. These fixes also include solutions against vulnerabilities and security improvements in software packages.
4. Avoid using pirated software
One of the gateways for a hacker to the internet and company devices is through pirated software. It is also quite common, after all, it is tempting to see software that can help with the company's processes, and are available “free of charge”.
However, they bring with them several data security problems, after all, they are modified versions of the original, where mainly security and originality verification features have been removed.
5. Back up company data
In some types of attack, such as ransomware, which locks data until a ransom is paid, the main way to solve the problem is to restore company data from a backup copy. Backup is essential for the security of company information.
You can see each solution in more detail in the article Good internet security practices for companies .
Control internet access
Internet access control is a solution for blocking specific content in an organized manner within the company. With it, you can determine which categories of websites will be available for access, and which will be blocked. Categories such as pornography, games, video and social networks for example. Furthermore, it is possible to determine which users or groups will have access blocked.
Typically, internet access control solutions have real-time reports on each user's access, and also total numbers, so that the manager or IT professional can analyze where the company's internet security risks are.
Controlling internet access is a common practice in companies and is increasingly important and necessary. Unlike the information security policy, access control does not require the employee's common sense and will to ensure that harmful websites outside the scope of work are not accessed.
As mentioned previously, in most incidents or security breaches, the gateway to attacks or virus installation are users who are unable to identify possible risks and end up clicking on fake email messages or malicious links on the internet.
Therefore, using an internet access control system in the company can close the vast majority of entry points for hackers into the company's network.
Use a Business VPN for remote access
With the large number of professionals working from home, it is quite common for companies to provide some support to these employees remotely. However, without the company's protection systems working in favor of the employee, the data and devices in this action will be at risk if they do not use secure remote support tools.
According to the Brazilian Internet Association, cybersecurity incidents increase during the pandemic , making companies more concerned about internet security, especially when access is done remotely.
Among all the internet security solutions for employees working from home, the most used is certainly the Business VPN.
The acronym “VPN” stands for Virtual Private Network, translating Virtual Private Network, is a network technology that uses the internet to connect a group of computers and maintain the security of data that travels between them.
The main advantage for a company that uses VPN is certainly the increase in information security when there is a need to transfer confidential data between branches or for employees who work remotely and need to access data on the local network.
Therefore, if at any point one of the company's employees remotely accesses the company's internal data, it is extremely important to use a VPN connection, keeping the company's data protected.
Extra care
Remember that it is essential to avoid internet security breaches to maintain the integrity of your brand and prevent them from affecting the company's reputation in the market. Therefore, taking measures to protect yourself from cyber attacks, not just for employees but all devices such as servers and the company network, is also very important.
Use all internet security tools available to you. Many of them are available in a very accessible way and without major implementation difficulties.
In the Internet Security Guide for Companies you can see how an accounting office increased internet security in just 20 minutes .
Always keep in mind that today, information is “worth gold”.
To the next!
2 comments
Comments closed