It is a reality that feels with particular strength in the business sector, where although it has given local businesses the possibility of making deals with people from all corners of the world, it has also made them white attractants for the attacks of malicious actors in everything The globe
Peru is especially susceptible to these attacks due to the predominance of micro and small businesses (MYPES), which constitute 99.4% of the country’s formal businesses, which often lack the necessary tools to repel these types of attacks.
“From experience, here in our country companies do not take into account the part of cybersecurity, which is something for which they should be prepared as part of their strategy and in what is the continuity of the business,” he said in conversation with Commerce Julio César Seminar, specialist in Cybersecurity of Intecnia Corp and ‘Country Partner’ of Bitdefender.
“It is a deficiency that we have in our country, where there is no education on cybersecurity”The expert lamented. “There is no syllable in the school that teaches you issues on how to efficiently manage your social networks, how to prevent strange people from visualizing your information or what you should and what you should not publish online. It is an educational issue that has been crawling for many years. “
It is a professional perception supported by some studies, with the last “report on ESET threats”, which found that 60% of the companies surveyed considered that sufficient resources to cybersecurity are not allocated.
A situation that can be devastating for a company, with the victims of cyber attacks suffering from economic damage to the loss of confidential data and blows to the company’s reputation. To prevent this from happening to your business, here some tips to improve security for Mypes.
Identifying the enemy: what are the most common cyberbrains
While there are various types of cyber attacks, the main method suffered suffer from small ones are two: phishing and ‘ransomware’, which are frequently related.
He ‘phishing’ It consists of a cyber attack where people are sought to reveal confidential information, which in the business context usually focuses on passwords that allow attackers to violate the security of the company. For these attacks, cybercriminals use emails, text messages or false sites making you pass by legitimate entities or even friends to get the information.
He ‘ransomware’ It is a cyber attack where malicious software is used to block the victim’s access to its important systems or files, demanding a rescue in return to return them, a devastating situation for a business since it can leave it temporarily paralyzed. While there are several ways to violate the security system of a company, one of the most common is to make a person who has enough authorization to access the company’s vulnerable data.
How to prepare
Benjamín Franklin said that “an ounce of prevention is worth more than a pound of cure”, a phrase that is particularly appropriate for cybersecurity matter, where the preparation of a company usually determines, in most cases, if they will be well released of a computer attack. In any case, these are the areas that computer expert Julio César Seminar recommends paying particular attention to companies.
1. Identifies your critical points and support your information
“For the Mypes, the first thing to do is have a plan that begins with identifying what their critical digital assets are, not only to protect them, but also to plan how To this newspaper Seminar. For this you have to perform backups periodically and also make restoration simulations to verify that the procedure can be carried out successfully.
Attention! The expert noticed that an error that is often made with the backups is that they leave them physically connected to devices within the company’s network, which makes them vulnerable in case of an attack or theft of information, removing their main purpose. Do not fall into this trap.
2. Original Software (and keep it updated)
The use of pirate software is a reality in the world, allowing many people without funds to use programs that have become indispensable for their work. However, common sense says that the cheap is expensive, and nothing is cheaper than what appears to be ‘free’.
This is because cybersecurity is a constant battlefield in constant evolution, with cybercriminals continually finding vulnerabilities and cybersecurity experts constantly covering them, What makes any company maintain updated software to its latest version to avoid being a victim of known safety.
The second price is more subtle, with the computer expert indicating that on many occasions These Cracked programs are infected by malicious codes that allow their distributors, these malicious agents, violate the systems even greater ease.
“These programs are already with a embedded malicious code and although when you install or execute it it seems that nothing happens, in time this can mutate, downloading codes silently or infiltrating the operating system to specify an attack,” he warned .
In this regard, in addition to highlighting the need to buy original software -be the programs you use and the operating system -, seminar also recommended a list of those programs on the computer are necessary to update them periodically, not to leave them in a vulnerable version. He added that some security programs also have tools to automatically patch programs that need it, making the process more convenient.
3. Hardware also matters
Not only the software has to be updated, but also hardware. That is, the teams that one uses. “Physical devices are also susceptible to violations if they are very old,” he warned.
We have an example almost around the corner, with Microsoft raising the requirements for a device to run the Windows 11, its latest operating system.
“There is already a definite date (October 14) in which Microsoft will not provide support from the Windows 10 operating system, which requires companies to invest in a hardware that splices with the demands of this Version of the operating system, ”said Seminar.
If you want to know if your operating system is compatible with Windows 11, here we have a note so you can review the demands of the operating system.
4. Employees awareness about good cybersecurity practices
In every organization, regardless of size, the human factor is the most vulnerable. That is why to improve the computer security of a company, one of the first things that one must do is raise awareness of good cybersecurity practices, so that they are prepared for any cyberspace risk.
These range from Do not open unknown emails, do not click on suspicious links or share confidential information by email or text message.
5. Create safe passwords
One of the most basic aspects that must be taken into consideration are password safety. “You can have passwords that range from 1 to 5 that are very easy to violate by a cyber -cyber and even have a common password database that can be used to persistently try to violate the digital assets of the organization,” he said.
“Now a password is required that has at least 12 characters, but I consider that 8 could be sufficient. The recommendation is to generate passwords from phrases, which are easier to remember. An example of this is’ ** Tools Demonitor And that you are going to score on a piece of paper, ”he said.
6. Get a cybersecurity solution
Seminar also recommended having a ‘Endpoint’ protection solution as offered by its Bitdefender company. “These use algorithms to detect malicious activity, they find Malwares already known and analyze network traffic or URLs to prevent the user from making harmful code discharges.
A cost that can come to the account if one is the catastrophic that can result for a company a cyber attack, causing not only material damage, but also of reputation. Likewise, we must not think that there is no solution that is available to smaller companies. “If we have at least five machines, I calculate that between S/.400 and S/.500 you can acquire an antimalware protection solution that will protect them on top,” said Seminar.
7. Monitor your network
Even if you have a cybersecurity solution, its effectiveness decreases if there is no someone who is attentive to alerts on suspicious activities that it notifies.
“Many times these small companies do not have a IT area (information technology), which is not highly recommended. This is because you can adopt very powerful technologies with abilities to contain malicious codes, they require management to respond to cyber attack, ”he said. The speed of the response is particularly crucial in this type of attacks, since stopping by the clock gives these criminals the opportunity to realize the obstacles that you must jump to specify your attack.
What to do if an attack is suspected
It depends a lot on the type of attack.
- If it is an ‘phishing’ attack, It is essential to find what things have been violated and make a drastic change to all passwords of all users who have access to information.
- In case of a ‘ransomware’ attack All teams that have been committed to prevent the crisis to expand to other systems must be isolated.
- In the event that the company does not have a IT specialist, it is advisable to contact a company that provides technical services to review the system during the attack and determine if it really is one or is a different problem.
Pay the no pay? For seminar, it is advisable not to pay. “They can pay and perhaps they give them part of the information, but if they have not done a containment job, that is, identify and solve from where the attack entered, the same will happen again.”
It should be noted that a cybercrime, for more technologically empowered, is still a crime so it must be denounced before the Police, in particular to the PNP high -tech crimes investigation division, retaining and delivering all kinds of evidence as the threatening messages from computer criminals.
After a cyber attack
- The objective is to reactivate the company’s operations, an easier issue if there is a backup. In case we do not have one, the recovery becomes somewhat more difficult and manual, requiring to put together the database to serve customers.
- Depending on the cybersecurity solution you have, make a deep analysis of all teams.
- In case of not having done it before, change passwords.