Best practices for internet security in businesses

With the exponential increase in companies and users connected to the internet, the risks associated with the vulnerability of systems and data also increase; therefore, maintaining good internet security practices is important for businesses.

According to the Data Breach Investigations Report 2020, 86% of cyberattacks this year were financially motivated. This motive is more common when the target is a company, since it has a larger amount of money at its disposal than ordinary internet users.

There is no doubt that the internet has become a powerful tool for facilitating processes in companies. However, it is important to remember that the internet is not always a completely secure medium when used in a corporate environment.

Furthermore, the entry point for hackers is usually the users themselves. Habits, lack of knowledge, or ignoring fundamental security standards and systems make many companies easy targets for cybercriminals.

To help businesses, we've listed 10 best practices for internet security for companies and professionals, making it easier to implement basic protection systems and minimizing the risk of cyberattacks.

1 – Conduct internet security training with the team

The company must raise awareness among its employees about safe internet behavior. Employee training is essential for information security in companies. As we mentioned earlier, users are the main gateway to internet security problems: they click on fake emails, download malicious files, or click on fake ads on social media.

Below, I've listed some examples of topics for training your team on how to stay safe online:

  • What are the most common cyberattacks?
  • How to identify if a link is fake
  • How to identify a fake email
  • How to identify a fake ad
  • Sites considered harmful
  • How to avoid downloading malicious files
  • Dangers of pirated software
  • Importance of system and software updates

In addition to these, there are many other topics to be addressed so that employees have more knowledge regarding the company's internet security. As a manager or IT professional, you should conduct internet security training with your team to raise awareness and highlight the hidden dangers online, thus reducing the chances of the company encountering problems in the future.

2 – Define rules and a policy for the proper use of the company's internet

Creating guidelines regarding the use of technology is very important in the corporate environment. Employees need rules regarding internet use, installing programs on computers, using smartphones and personal equipment. This policy must define all the rules and penalties for non-compliance.

The rules that make up the company's policy should be widely publicized, and employees should be aware of what they can and cannot do, as well as the established penalties.

With the aim of making life easier for managers and IT professionals, we have created a document template about internet usage policy in companies. The template is designed to inform employees about the company's internet usage policy in the workplace, demonstrating the professional's awareness of the rules for internet use, aiming at the proper use of technology resources. It's free and you can download it whenever you want.

3 – Use strong passwords

It seems obvious, but even today the password is the most important form of authentication for accessing information and computing resources. Increasingly faster computers make it possible to crack, in a short time, a password that a few years ago would have been impossible to crack. Therefore, nowadays it is necessary to use longer passwords to increase security on the internet.

To understand the complexity of the topic, the National Cyber Security Centre (NCSC), a UK government agency, released a survey of the most commonly used passwords in the world. The (frightening) result is that the most common password globally is “123456”, used to access 23.2 million online accounts and services worldwide. The second most popular password globally is a slightly more varied version of the same idea, with 7.7 million accounts accessible using the password “123456789”.

Therefore, under no circumstances should you use default passwords or passwords that are easy to guess.

When creating your password, try using the following tips:

  • Passwords with a minimum length of 8 characters (preferably 12 or more);
  • that combine uppercase letters, lowercase letters, numbers, and symbols; and
  • that do not contain obvious information or simple sequences.
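
The tips above as a checker, in an added example that is not part of the original article. The deny-list entries beyond the two passwords cited from the NCSC survey, the run threshold of 4, and the `context` parameter (words such as a user or company name) are assumptions made for illustration.

```python
import string

# Constructed deny-list: the first two entries are the passwords the article
# cites from the NCSC survey; the others are illustrative assumptions.
COMMON = {"123456", "123456789", "password", "qwerty"}
MIN_LEN = 8       # minimum length from the tips above
MAX_RUN = 4       # assumed threshold: runs this long count as a simple sequence
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)


def longest_run(pw):
    """Longest run of repeated ("aaaa") or stepping ("1234", "dcba") characters."""
    best = run = 1
    prev_step = None
    for a, b in zip(pw, pw[1:]):
        step = ord(b) - ord(a)
        if step in (-1, 0, 1):
            # Extend the run only if it keeps the same direction.
            run = run + 1 if step == prev_step else 2
        else:
            run = 1
        prev_step = step
        best = max(best, run)
    return best


def check_password(pw, context=()):
    """Return the tips the password violates; an empty list means it passes."""
    problems = []
    low = pw.lower()
    if len(pw) < MIN_LEN:
        problems.append("too_short")
    if not all(any(c in cls for c in pw) for cls in CLASSES):
        problems.append("missing_character_class")
    if low in COMMON:
        problems.append("common_password")
    if longest_run(low) >= MAX_RUN:
        problems.append("simple_sequence")
    # "Obvious information": words tied to the user or company (hypothetical input).
    if any(len(w) >= 3 and w.lower() in low for w in context):
        problems.append("obvious_information")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "123456789", "Acme#Winter24", "t7#Rk!vQ2z@Lp"):
        print(candidate, check_password(candidate, context=("acme",)))
```

Keyboard patterns such as "qwerty" are caught here only through the deny-list, so a real deployment would pair a check like this with a much larger list of known-breached passwords.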

To help companies create strong passwords, we've created a comprehensive guide to creating and managing user accounts and secure passwords. The material includes numerous tips and tools for creating and managing passwords in businesses and is free.

4 – Have a good antivirus program on all your devices

This is another item that seems obvious. But, incredibly, many professionals in companies don't bother to have this protection active on their computers. Simply "owning" it is useless unless it is correctly configured and active, preferably with a paid license that matches the type of protection needed for that device.

Especially on computers and servers running the Windows operating system, it is essential to use good antivirus software that is up-to-date and configured to perform periodic scans.

Nowadays, antivirus software cannot be ignored or replaced by other solutions; it is essential for internet security.

In a company, a paid license should be chosen, and pirated software or trial versions should not be used. It is important that antivirus or antimalware software is always updated and activated to provide protection. An outdated antivirus, or one with real-time protection disabled, would lose efficiency and leave computers more vulnerable.

5 – Keep equipment, systems, and software up to date

As with antivirus software, other software and operating systems, as well as equipment and devices, should always be kept up to date.

Equipment and systems undergo continuous technological evolution and need to be replaced and updated periodically. Furthermore, you must consider quality and performance aspects compatible with the company's use, ensuring they operate in a way that perfectly meets needs, without overloads, failures, or defects due to improper use.

Companies that produce software are constantly making corrections to their programs to fix bugs, improve performance, and add features. These corrections also include solutions to vulnerabilities and security improvements in software packages.

It is increasingly important to keep the operating system and other software packages with automatic updates enabled, at least for those related to information security.

6 – Avoid using pirated software

One of the entry points for a hacker into the company's internet and devices is pirated software. This is quite common; after all, it's tempting when software that can help with company processes is available "for free".

However, pirated programs bring with them several data security problems, since they are modified versions of the original, where security features and authenticity verification have been removed.

Therefore, avoid using pirated software in your company if you are concerned about the security of your company's data. It's important to remember that employees can download and install it without permission, hence the importance of employee education, as mentioned earlier.

7 – Back up company data

It's always worth reiterating the importance of having a reliable backup, from which important data can be recovered after any incident.

Backup systems make it possible to recover important data after any incident, including a cyberattack.

In some types of attacks, such as ransomware, which blocks data until a ransom is paid, the main way to solve the problem is to restore the company's data from a backup copy.

The backup strategy should be implemented in such a way that a backup copy is kept in a location disconnected from the original data location. If the backup copy is made on an additional disk constantly connected to the server or network where the original data is located, in the specific case of ransomware, it is possible that the backup files will also be locked at the time of the attack, rendering the backup useless. It is important to have a backup copy in a location separate from the original data location.

Backups are fundamental to the security of company information.

8 – Protect remote access

Accessing company data remotely carries several risks. When not encrypted, it can be tracked by hackers and create opportunities for various attacks.

With the arrival of the pandemic, it became common for many companies to adopt work-from-home policies, accessing company data and systems remotely. However, anyone who thinks this access is protected using simple and common remote access tools is mistaken. Without the use of specific secure remote access tools, such as a Business VPN, the data transmitted over this remote connection is completely unprotected and at the mercy of cybercriminals.

The acronym "VPN" stands for Virtual Private Network, a networking technology that uses the internet to connect a group of computers and maintain the security of the data that travels between them.

Look for specific remote access security tools, such as VPN, and protect the company and employees when accessing remotely.

9 – Control internet access

It is recommended to use tools that prevent access to harmful content, such as suspicious websites that often contain viruses or malware. It is common for employees to receive fake emails with links that redirect to fraudulent websites. Furthermore, attempts to access adult content and games can often result in the installation of a virus.

In most security incidents or breaches, the gateway for attacks or virus installation is users who fail to identify potential risks and end up clicking on fake links in emails, social media ads, and malicious websites.

Through this type of control, it is possible to define, for example, which user groups will have access to which types of websites, thus preventing the use of websites that are inappropriate for the scope of the work and also access to addresses with harmful content.

Through this tool, the manager protects the network against websites used in phishing attacks, malware propagation, and ransomware.

10 – Use a good firewall system

A firewall is a security device that controls the flow of data on a network. It allows you to filter traffic, configuring what should pass through and what should be discarded.

When properly configured on a computer network, a firewall acts as an additional layer of protection against external attacks and increases the company's security on the internet, including its information, equipment, and systems.

Typically, a firewall is one of the main defenses at the perimeter of a private network, being an essential component in protecting against unwanted traffic and intrusion attempts.

Check that you have an active and well-configured firewall that is protecting and logging connections between the internet and the equipment on your local network.

Final tip

Conducting a thorough analysis of the company's internet security landscape is important to identify which areas require special and urgent attention.

For this purpose, there are several tools that perform internet security tests, as well as professionals and companies specializing in the subject.

After mapping the entire company network, define priorities and remember that users are, in most cases, responsible for opening doors and creating security breaches in the company's internet network.

See what role employees play in company internet security in the Internet Security Guide for Businesses.

I hope this text has somehow helped you identify good internet security practices in your company.

Until later!
