With the exponential increase in companies and users connected to the Internet, the risks associated with vulnerable systems and data have also grown, so maintaining good security practices on the Internet is important for companies as well.
According to the Data Breach Investigations Report 2020, 86% of cyber attacks this year were financially motivated. This is more common when the targets are companies, since they hold more money than ordinary internet users.
There is no doubt that the internet has become a powerful tool for companies. However, it must be remembered that the internet is not a totally safe medium whenever it is used in the corporate environment.
In addition, the hacker's gateway is usually the users themselves. Habits, lack of knowledge, or disregard for fundamental security standards and systems make many of them easy targets for digital criminals.
To help companies, we have listed 10 good internet security practices for companies and professionals, making it easier to implement basic protection systems and to avoid cyber attacks as far as possible.
1 - Perform Internet Security Training with the team
The company must make its employees aware of safe behavior on the internet. Employee guidance is essential for information security in companies. As we mentioned earlier, users are the main gateway for internet security problems, whether by clicking on fake emails, downloading malicious files, or even clicking fake advertisements on social networks.
Below, I have listed some example training topics to help the work team stay safe on the internet:
- What are the most common cyber attacks
- How to identify if a link is fake
- How to identify a fake email
- How to identify a fake ad
- Sites considered harmful
- How to avoid downloading malicious files
- Dangers of pirated software
- Importance of systems and software updates
In addition to these, there are many other topics to be addressed so that employees know more about the company's internet security. You, as a manager or IT professional, should run Internet security training with the team to make them aware of the hidden dangers on the Internet, thus reducing the chances of the company having problems in the future.
2 - Define rules and a policy for the correct use of the company's internet
Creating guidelines on the use of technology is very important in the corporate environment. Employees need rules on the use of the internet, the installation of computer programs, and the use of smartphones and personal equipment. This policy must define all rules, and the punishments in case of non-compliance with what was established.
The rules that make up the company's policy must be widely communicated, and employees must be aware of what they may or may not do and of the established punishments.
To make life easier for IT managers and professionals, we created a template document for a company internet use policy. The template is meant to inform the employee about the internet use policy in the company's work environment and to record the professional's acknowledgment of the rules of use of the Internet, aiming at the proper use of technology resources. It's free and you can download it whenever you want.
3 - Use secure passwords
It seems obvious, but even today the password is the most important form of authentication for access to information and computational resources. Increasingly fast computers make it possible to break, in a short time, a password that would have been impossible to break a few years ago. Therefore, it is currently necessary to use longer passwords to increase internet security.
To give an idea of the scale of the problem, the National Cyber Security Centre (NCSC), a UK government agency, released a survey of the most used passwords in the world. The (scary) result is that the most common password in the world is “123456”, used to access 23.2 million accounts and online services around the world. The second password most chosen by users globally is a slightly longer variation of the same idea: 7.7 million accounts can be accessed with the “123456789” password.
Therefore, under no circumstances use default or easily guessed passwords.
When creating a password, try to follow these tips:
- passwords with a minimum length of 8 characters (preferably 12 or more);
- that combine uppercase, lowercase, numbers and symbols; and
- that do not contain obvious information or simple sequences.
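The three tips above expressed as a checker, as an added example that is not part of the original article. The entries in `COMMON` beyond the two passwords the article names, the four-character sequence threshold and the `obvious` parameter are assumptions.

```python
import re

# Constructed sample list: "123456" and "123456789" are the two passwords
# named in the article; the other entries are illustrative assumptions.
COMMON = {"123456", "123456789", "password", "qwerty", "111111"}


def has_simple_sequence(pw, run=4):
    """True if pw has `run` ascending, descending or repeated characters in a row."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        steps = {ord(low[j + 1]) - ord(low[j]) for j in range(i, i + run - 1)}
        if steps in ({1}, {-1}, {0}):
            return True
    return False


def check_password(pw, obvious=(), min_len=8):
    """Return the list of violated tips; an empty list means the password passes.

    `obvious` holds strings that must not be embedded (user name, company,
    year). Pass min_len=12 to enforce the article's preferred length.
    """
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    classes = {
        "uppercase": r"[A-Z]",
        "lowercase": r"[a-z]",
        "number": r"[0-9]",
        "symbol": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, pw):
            problems.append(f"no {name}")
    if pw.lower() in COMMON:
        problems.append("on the common-password list")
    if has_simple_sequence(pw):
        problems.append("contains a simple sequence")
    for word in obvious:
        if word and word.lower() in pw.lower():
            problems.append(f"contains obvious information: {word}")
    return problems
```

A password such as `Acme2020!` satisfies the length and character-class tips and is still rejected when `obvious=("acme", "2020")` is supplied, which is the case the third tip is about.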
To help companies create safe passwords, we created a complete guide for creating and managing user accounts and secure passwords. The material has several tips and tools for creating and managing passwords in companies and is free.
4 - Have a good antivirus on all devices
Another item that seems obvious. But, as incredible as it may seem, many professionals in companies do not bother to have this security tool active on their computers. Merely “having” one is no use if it is not correctly configured, active, licensed (preferably with a paid license) and suited to the type of protection that device needs.
Especially on computers and servers running the Windows operating system, it is essential to use good antivirus software, updated and configured to perform periodic scans.
Currently, antivirus cannot be overlooked or replaced by other solutions; it is essential for internet security.
In the company, you should choose a paid license and not use pirated software or keep running evaluation versions. It is important that the antivirus or antimalware is always up to date and activated so that it can offer its protection. An outdated antivirus, or one with real-time protection deactivated, loses effectiveness and makes computers more vulnerable.
5 - Keep equipment, systems and software updated
As mentioned above for antivirus, other systems and software must always be kept up to date. The same thinking applies to other software and operating systems, as well as to equipment and devices.
Equipment and systems undergo continuous technological evolution and need to be replaced and updated periodically. In addition, you should take into account quality and performance aspects compatible with how the company uses them, so that they fully meet its needs, without overloads, failures or defects caused by inappropriate use.
Companies that produce software are continually releasing fixes for their programs to correct defects, improve performance and add features. These fixes also include solutions for vulnerabilities and security improvements in software packages.
It is increasingly important to keep the operating system and other software packages with automatic updates enabled, at least for updates related to information security.
6 - Avoid the use of pirated software
One of a hacker's entry points to the company's internet and devices is pirated software. Its use is also quite common; after all, it is tempting to find software that can help with the company's processes and is available for “free”.
However, pirated programs bring several data security problems with them, since they are modified versions of the original in which, mainly, the security and authenticity verification features have been removed.
Therefore, avoid using pirated software at the company if you are concerned about company data security. It is important to remember that employees can download and install it without permission, hence the importance of the employee education mentioned earlier.
7 - Back up company data
It never hurts to remember the importance of having a reliable backup, from which the important data can be recovered after any incident.
Backup systems make it possible to recover important data in the event of any accident, in this case a cyber attack.
In some types of attack, such as ransomware, which blocks data until a ransom is paid, the main way to solve the problem is to restore company data from a backup copy.
The backup strategy should be implemented so that a backup copy is kept in a location separate from the original data site. If the backup copy is made on an additional disk that is constantly connected to the server or network where the original data are, then in the specific case of ransomware it is possible that the backup files are also blocked at the time of the attack, making the backup useless. It is important to have a backup copy in a place separate from the original location where the data is.
Backup is critical to the security of company information.
8 - Protect remote accesses
Remote access to company data carries several dangers. When it is not encrypted, it can be tracked by hackers and open the way for various attacks.
With the arrival of the pandemic, it became common for many companies to adopt home office work, with the company's data and systems accessed remotely. But it is wrong to think that these accesses are protected when simple, common remote access tools are used. Without specific secure remote access tools, such as a business VPN, the data that travel over this remote connection are totally unprotected and at the mercy of digital criminals.
The acronym "VPN" stands for virtual private network, a network technology that uses the internet to connect a group of computers and keep the data that travel between them secure.
Look for specific secure remote access tools such as a VPN, and protect the company and its employees when they access it remotely.
9 - Control internet access
It is recommended to use tools that prevent access to harmful content, such as suspicious sites that often contain viruses or malware. It is common for employees to receive fake emails with links that lead to fraudulent sites. In addition, attempts to access adult content and games can often end with a virus being installed.
In most incidents or security failures, the gateway for attacks or virus installation is users who cannot identify possible risks and end up clicking on fake email links, social network ads and malicious websites.
With this type of control, it is possible to define, for example, which user groups will have access to which types of websites, thus preventing the use of websites unrelated to the scope of work as well as access to addresses with harmful content.
With this tool, the manager protects the network against sites used to spread phishing, malware and ransomware.
10 - Use a good firewall system
A firewall is a security device that controls the flow of network data. With it, it is possible to filter traffic, setting what should pass and what should be discarded.
When configured correctly on a computer network, a firewall acts as an additional layer of protection against external attacks and increases the company's security on the Internet, including that of its information, equipment and systems.
Normally, a firewall is one of the main defenses at the perimeter of a private network and an essential component in protecting against unwanted traffic and intrusion attempts.
Make sure you have an active and well-configured firewall that is protecting and logging the connections between the internet and the equipment on your local network.
Final tip
A complete analysis of the company's internet security scenario is important to identify which points deserve special and more urgent attention.
For this, there are several tools that perform security tests on the Internet, as well as professionals and companies specialized in the subject.
After mapping the company's entire network, set priorities, and remember that users are mostly responsible for opening doors and creating security breaches on the company's internet.
See the role of the employee in the company's internet security in the internet security guide for companies.
I hope that somehow this text has helped you identify good internet security practices in your company.
Until later!