Information security

Information security in companies: network protection, updated systems and user education

Due to the risks generated by attacks and the number of information security incidents, giving due attention to this topic must be part of the strategy of managers and those responsible for technology sectors in companies.

The biannual edition of SonicWall's 2020 Cyber Threat Report brings worrying data on the volume of malware, ransomware attacks and other existing threats. According to the report, almost 10 billion malware attacks were recorded worldwide in the last half of 2019, a number that is expected to grow given the favorable scenario for attacks in 2020, with many professionals working from home. We even listed the 10 biggest data security breaches in 2020 so far, with cases involving multinationals.

In Brazil, according to Fortinet, there were more than 1.6 billion attempted cyber attacks in the first quarter of the year, out of a total of 9.7 billion in Latin America.

Although companies in all sectors suffer from security incidents such as data loss, the segments most targeted in attacks are healthcare, finance and manufacturing, as they are much more dependent on data and system availability.

Faced with this alarming scenario, the question all managers must ask is: what can be done to keep the company protected against security risks?

The answer to this question is very broad and complex, mainly because a network and company data can suffer attacks in countless different ways and from different sources.

Even if your company has an up-to-date firewall and antivirus protection, a user can infect a computer or the entire network just by connecting a USB flash drive containing malicious files. There is also a high chance that an infection will be caused by a user clicking on a harmful link in a fake email, quickly compromising network security.

Therefore, when talking about information security, one must always seek a broad view of the risks, and the key word for avoiding incidents is always: PREVENTION!

Although it is very difficult to be completely protected, a few measures, some of them quite simple, can considerably reduce the risk of malware and ransomware attacks. Companies and specialized professionals point out 3 points to be addressed in the measures taken in the company:

  • Network and Internet browsing protection
  • Constant maintenance and updating of systems
  • User guidance to identify risks and prevent attacks

We will address each of these points separately in more detail below.

Network and Internet browsing protection

To keep the company's network protected, it is essential to use a firewall with rules and blocks that are appropriately configured and kept up to date. Firewall solutions vary widely: one can be implemented simply, with standard rules that protect against the better-known vulnerabilities, or as a more complete and complex deployment, with protection at different network layers and risk levels.

One of the main entry points for attacks and incidents is internet browsing. Inattentive users can easily click on unknown links or fake email messages that lead to harmful websites, which install malware on the network, often without the user being aware of it. Once the malware is installed, it is very difficult to avoid bigger problems, such as data hijacking, a type of attack that is very common today and is known as ransomware.

To avoid this type of situation, it is important to protect and control browsing, using tools that prevent access to harmful websites and even allow the restriction of some types of content that pose greater risks, such as download sites, games, violence and pornography.

Of course, it is always important to evaluate the investment required to stay protected. There are advanced solutions on the market at very high costs, generally only viable for large companies, but there are also practical and affordable solutions that keep the network protected in a reliable and efficient way.

To define the Firewall and browsing protection solution to be used, an analysis of the alternatives must be carried out, evaluating the necessary investment, maintenance and update costs and the relationship between the benefits and the investment.

There are many alternatives, starting with complex solutions built on Linux network servers running firewall, proxy and other services. pfSense can also be used as a free software alternative, or there are the solutions known as UTM firewalls, with market options including SonicWall, Fortinet, Juniper Networks and Sophos, among others. What these solutions have in common is the need for high investment in equipment and for constant maintenance by specialized professionals.

For companies looking for an efficient and professional solution, without the need for high investment or heavy involvement of specialized technical professionals, an excellent alternative is Lumiun Tecnologia, which offers firewall protection and browsing control in a practical and efficient way, with very affordable costs and an excellent relationship between return and investment. The solution is very simple to implement and can be managed even by users without technical IT knowledge, which makes maintenance and updates much easier.

Constant maintenance and updating of systems

Attack forms constantly change and evolve, often exploiting vulnerabilities in network systems and servers or users' lack of knowledge and curiosity.

System and antivirus manufacturers monitor the emergence of new attack methods or techniques in real time and whenever something new is identified, they quickly implement corrections and appropriate protection in their systems.

Therefore, it is essential to keep any and all systems used in your company up to date! Periodically update operating systems and browsers such as Chrome, use an accredited antivirus version, always keeping it up to date, in addition to reviewing security policies and router configurations to identify possible failures or vulnerabilities in the network.

Among the most important and efficient measures for prevention is the use of a good antivirus. It is not recommended to use free versions of antivirus in companies, as updates can take time and protection can be inefficient. In our IT Guide, we mention the characteristics and information of the best antivirus on the market, such as:

User guidance to identify risks and prevent attacks

Just as important as the previous measures is guiding users to identify possible threats and avoid actions that could allow a virus to enter. Before any measure is implemented, start by educating your company's employees about the risks and losses, the forms of attack and what to do to avoid incidents.

Criminals seek to exploit users' lack of knowledge and curiosity by sending false messages via email, on popular topics or posing as known and trustworthy people, inducing users to click on links in the messages that lead to harmful websites. This technique is known as phishing.

These methods use social engineering techniques, trying to deceive users with messages that appear to be genuine. Good examples are messages about bank charges, product offers and promotions or job opportunities. When clicking on one of these harmful links, the user will be directed to a fake page that is extremely similar to the real page, which can capture important data or install a virus, malware or Ransomware on the network.

It would be ideal to define rules and develop a manual for the safe use of technology equipment and the internet in the company.

Another item that deserves attention and guidance for employees is the use of secure passwords. More than 50% of information security failures are related to the use of weak and easily deduced passwords. guidelines for creating passwords and managing user accounts with professionals.

Even taking all these measures, it will never be possible to say that your network and company information are completely safe. Therefore, never fail to have an adequate backup policy, making copies of relevant data periodically and storing this information in different, protected locations.

Don't wait to go through critical situations such as data loss to take preventative measures!

The measures discussed in this article can be implemented without major investment and effort and can certainly avoid a lot of “headaches” for you as a manager or person responsible for the technology area of your company.

I hope to have contributed to improving awareness of the importance of data security in companies.

Until next time!
