Information security in companies: start by guiding employees

Information security needs to be part of every company's strategy, given the growth in incidents, the risks that security failures can pose and the evolution of forms of attack on the Internet.

A survey by Allianz Global Corporate & Specialty (AGCS) placed Brazil fourth in the world ranking of losses caused by cybercrime, with average annual losses from cyber attacks reaching $7.7 billion in the country, behind only the United States ($108 billion), China ($60 billion) and Germany ($59 billion).

Another survey, conducted by PwC on cyber attacks, found that the number of incidents registered in Brazilian companies jumped from 2,300 in 2015 to 8,700 in 2016. In 2016, the average financial loss related to security problems was $9 million, according to the survey, which also showed that in Brazil most incidents originate from companies' own employees, representing 41%, above the world average of 34%.

Forms of internet attack are increasingly dynamic and sophisticated, exploiting in different ways every possible vulnerability in companies, from the lack of blocking or security systems such as antivirus, proxy or firewall to users' lack of knowledge or attention when using the internet. As the PwC survey showed, users are currently the gateway to 41% of incidents.

Given this scenario, we can see the importance of a complete information security policy in companies, focusing on three fundamental points: antivirus and failure prevention/detection systems; security policies and internet access management services; and employee education and training.

Employee Training and Education

Criminals try to exploit users' lack of knowledge and natural curiosity by sending false email messages that appear to come from well-known and trusted people, inducing users to click links in the messages that lead to harmful websites. This technique is known as phishing.

These attacks on users rely on social engineering techniques and are increasingly personalized. For example, attackers send messages posing as job seekers to the company's HR department, or pose as suppliers in messages to the purchasing department. A survey conducted by Intel showed that only 3% of users are able to identify a phishing attack.

In 2015 the company JBS ran a test with its 30,000 employees, sending an email claiming that the player Neymar would be leaving Barcelona to play for another club. Users who clicked the link in the message were directed to a page informing them that this could have been a harmful website capable of causing damage or security failures. Around 10% of the 30,000 employees clicked the link, whereas the recommended rate is below 5%.

After an employee clicks a malicious link and accesses the harmful site, malware or viruses are installed, which can infect not only the computer but the entire company network. With these programs installed, criminals can capture passwords and financial data on bank accounts or credit cards, steal or hold hostage confidential company information, and carry out various other forms of attack.

So, to help employees identify possible risks, it is necessary to create guidance programs on security risks, forms of attack and possible damage. It is recommended that the company have an internet access policy, which describes how technology equipment can be used, what type of content can be accessed, and under what situations or conditions it can be used.

It is also recommended to create educational materials for training, such as explanatory videos or booklets with guidelines on how to use the internet safely. Two important points to address, which are the cause of most failures, are the use of secure passwords and the care needed before clicking on unknown messages or links that lead to harmful websites.

I share two materials created here at Lumiun, which address these topics and can be used for employee guidance:

It is also important to understand that responsibility for information security should not rest only with the IT department, but should be part of the people and resource management strategy throughout the corporate environment.

Antivirus and Internet Access Management

As we have seen, information security should also address the use of virus prevention or detection systems, the well-known antiviruses. For this, there are free solutions such as AVG or Avast, and paid solutions such as Kaspersky, Bitdefender and McAfee. Most importantly, the antivirus must always be up to date and properly configured to prevent the installation of viruses and identify any threat.

It is also essential to use services for security and internet access management, which allow efficient control of what can or cannot be accessed on the network and prevent users from accessing harmful websites. There are numerous service alternatives for this management, from traditional proxy/firewall server solutions and UTM or appliance solutions to more modern cloud-based solutions that allow these services to be implemented and managed simply and at lower operating and financial cost, such as Lumiun Tecnologia.

We can see that staying protected on the internet is not a simple task. It takes commitment to security and a broad set of measures involving employee education and the efficient use of systems and of technologies for protecting and controlling resources.

But we can also conclude that attention to this issue is essential, considering the increase in crimes on the Internet and the losses that attacks can cause to companies.

Share in the comments how your company faces information security risks and what preventive measures it uses.

If you want to know more about how to achieve good access management and greater internet security, talk to us and schedule a demonstration!
