Information security

Information security in companies: network protection, updated systems and user education

Given the risks created by attacks and the current information security numbers, paying due attention to this topic should be part of the strategy of managers and of those responsible for technology departments in companies.

The semiannual edition of SonicWall's Cyber Threats 2020 report brings worrying data on the number of malware attacks, ransomware attacks and other existing threats. According to the report, almost 10 billion malware attacks were recorded around the world in the last half of 2019. That number should grow given the favorable scenario for attacks in 2020, with many professionals working from home. We have even listed the 10 largest data security failures of 2020 so far, including cases at multinationals.

In Brazil, according to Fortinet, there were more than 1.6 billion cyber attacks in the first quarter of the year, out of a total of 9.7 billion in Latin America.

Although companies from all sectors suffer from security incidents such as data loss, the most targeted segments in the attacks are health, finance and manufacturing, as they have a much greater dependence on data and system availability.

Given this alarming scenario, the question that all managers should ask is: what should be done to keep the company protected against security risks?

The answer to this question is very broad and complex, mainly because a network and business data can be attacked in many different ways and from many different sources.

Even if your company has up-to-date firewall and antivirus protection, a user can infect a computer or the whole network just by connecting a USB stick containing malicious files. There is also a high chance of an infection being caused by a user clicking on a harmful link in a fake email, quickly compromising network security.

Therefore, when it comes to information security, one should always seek a broad view of the risks, and the keyword for avoiding incidents is always: prevention!

Although it is very difficult to be completely protected, some measures, even simple ones, can considerably reduce the risk of malware and ransomware attacks. Specialized companies and professionals point to 3 areas that the company's measures should address:

  • Network protection and internet browsing
  • Maintenance and constant update of systems
  • Users' guidance to identify risks and prevent attacks

Let's address each of these points separately below.

Network protection and internet browsing

To keep the company's network protected, it is essential to use a firewall with properly configured and updated rules and blocks. Firewall solutions vary widely: they can be implemented simply, with standard rules that protect against the better-known vulnerabilities, or as a more complete and complex implementation, with protection at different network layers and risk levels.

One of the main entry points for attacks and incidents is internet browsing. Inattentive users can easily click on unknown links or on fake email messages that lead to harmful websites, which install malware on the network, often without the user even noticing. Once the virus is installed, it is very difficult to avoid major problems such as data hijacking, a very common type of attack today, known as ransomware.

To avoid this type of situation, it is important to protect and control browsing with tools that prevent access to harmful websites and that also allow restricting some types of content that carry higher risks, such as download sites, games, violence and pornography.

Of course, it is always important to evaluate the investment needed to be protected. The market offers advanced solutions at very high costs, usually viable only for large companies, but there are also practical and affordable solutions that keep the network protected reliably and efficiently.

To choose the firewall and browsing protection solution to be used, the alternatives must be analyzed, evaluating the necessary investment, the maintenance and update costs, and the ratio of benefits to investment.

There are many alternatives, starting with complex solutions based on Linux network servers running firewall, proxy and other services. pfSense can also be used as a free software alternative, or solutions known as UTM firewalls, for which the market options include SonicWall, Fortinet, Juniper Networks and Sophos, among others. What these solutions have in common is the need for a high investment in equipment and for constant maintenance by specialized professionals.

For companies that seek an efficient and professional solution without the need for high investment or heavy involvement of specialized technical professionals, an excellent alternative is Lumiun Tecnologia, which offers firewall protection and browsing control in a practical and efficient way, at very affordable costs and with a great return on investment. The solution is very simple to implement and can be managed even by users without technical IT knowledge, which makes maintenance and updates much easier.

Maintenance and constant update of systems

The forms of attack change and evolve constantly, usually exploiting vulnerabilities in network systems and servers or the lack of knowledge and the curiosity of users.

System and antivirus manufacturers follow the emergence of new attack methods and techniques in real time and, whenever something new is identified, quickly implement fixes and proper protection in their systems.

This is why it is essential to keep every system used in your business always updated! Periodically update operating systems and browsers such as Chrome, use an accredited antivirus and always keep it updated, and review security policies and router settings to identify possible flaws or vulnerabilities in the network.

Among the most important and efficient prevention measures is the use of a good antivirus. Using free antivirus versions in companies is not recommended, as updates may take time and protection may be inefficient. In our IT guide, we cite the characteristics and information of the best antivirus products on the market, such as:

Users' guidance to identify risks and prevent attacks

Just as important as the previous measures is guiding users to identify possible threats and avoid actions that may let a virus in. Before implementing any other measure, start by educating your company's employees about the risks and damage, the forms of attack and what to do to avoid incidents.

Criminals seek to exploit the lack of knowledge and the curiosity of users by sending fake email messages about popular topics or impersonating known and trusted people, inducing users to click on links in the message content that lead to harmful websites. This technique is known as phishing.

These methods use social engineering techniques, trying to deceive users with messages that seem genuine. Good examples are messages about bank charges, product offers and promotions, or job opportunities. By clicking on one of these harmful links, the user is directed to a fake page extremely similar to the real one, which can capture important data or install a virus, malware or ransomware on the network.

Ideally, the company should define rules and develop a manual for the safe use of technology equipment and the internet in the company.

Another item that deserves attention and guidance for employees is the use of secure passwords. More than 50% of information security failures are related to the use of weak and guessable passwords. It is therefore important for the company to share guidelines for password creation and user account management with its professionals.

Even taking all these measures, it will never be possible to say that your network and company information are totally safe. Therefore, never fail to have a proper backup policy, copying the relevant data periodically and storing the copies in different, protected places.

Do not wait to go through critical situations such as data loss before taking preventive measures!

The measures covered in this article can be implemented without major investment or effort and can certainly avoid a lot of “headache” for you as a manager or as the person responsible for technology in your company.

I hope I have contributed to improving awareness of the importance of data security in companies.

Until next time!
