Every company must bear in mind the risks of exposing all its information and business on the Internet, and given my technical deviation in cybersecurity, I could not contain myself from leaving these basic tips.
Evaluation and anticipation
The first, and most important thing, is to accept that there is always a vulnerability, that we are never 100% safe. The size of the company does not matter: every organization needs a regular backup protocol, both online and offline, and a robust contingency plan that allows anticipating the team’s reaction to a possible cyber attack.
For example, it helps to establish an order of sensitivity of the data handled by the company and to segment the network in such a way that one system does not allow access to another. Although the damage is impossible to avoid, there is much that can be done to minimize it, so it is necessary to assess how prepared the business is for it.
Cybersecurity as an investment
Digital security is not a matter of giant corporations with thousands of employees: SMBs and startups are equally or more vulnerable to cyberattacks. So, implement a cybersecurity strategy adapted to your business model to protect your resources and the identity of your employees, partners and providers. This includes paid antivirus, legal software, and apps downloaded from official sites.
Internal training
Conduct periodic cybersecurity training for all members of the company; if the leaders incorporate small actions in pursuit of cybersecurity, this will serve as an example for the rest, and cybersecurity will become a habit. Make sure the concepts of phishing, spear phishing, malware and ransomware, among others, are known and that everyone knows what to do if they spot a phishing message in their email inbox. It is important to establish policies for strong passwords, without repeating them on multiple platforms or writing them in easy-to-find places.
Fast response
Inform employees of the incident response plan, as well as the facts around the different types of incidents. It serves as a reminder of their responsibility to maintain confidentiality and minimize the risk of information reaching outside sources through informal channels.
Digital identity
A mature digital identity system must, on the one hand, manage the life cycle of a user across all current and future digital services and, on the other hand, control access to the organization’s resources in order to mitigate risks. For this, it is essential to incorporate multiple robust authentication methods (different from multifactor authentication) that, associated with the user’s behavior, are compatible with the different use cases implemented in our company. In this world in which new digital channels appear all the time, the digital identity must be that which allows the user to have a single point of view through the multiple services they consume. This will make it possible to understand the natural path for the user to adapt and have a higher level of security.
Traceability of consent
In the coming years, it will be increasingly necessary for companies to have a system that allows auditing the what, how and when of the consent provided by a client/citizen/user. It has a key role not only for the user, but also in protecting, in legal and reputational terms, what happens within the company. The system must allow the updating of any condition, as well as the review of this information in real time when the user or regulator indicates it, or when the company needs to reinforce this type of situation.
Invisible fraud prevention
This will make the difference when a user chooses between one digital service and another. At the business level, the decisive factor will be the ability to provide the user with predictability about how he can operate and that we can establish unique policies based on the behavior of each user. A very important factor is that fraud prevention policies are dynamic and in real time. It is also necessary that the business be the one to lead that dynamism.
Right to be forgotten
In relation to traceability, the right to be forgotten will become an indispensable feature of all types of platforms. The exchange of digital information will have to implement, in an effective and simple way, a functionality so that each user can choose when they take control of their information and when they want to unsubscribe from a platform or an organization. From the side of companies that want to sell goods and services or reconnect with the user, the objective will be to identify them anonymously. In other words, the great challenge will be to generate a re-engagement with the user without taking their confidential data.
Business resilience
It is something that was put to the test during the time of the pandemic. How many companies had calculated the cost of stopping operations for a day? This is an indicator that is becoming increasingly critical, and every director or technical, logistical or supply chain manager should be very clear about it in order to establish a cybersecurity strategy in conjunction with the specialists.
Complexity of attacks
The degree of complexity of the attacks has recently shown that there is nothing new: ransomware, phishing, spear phishing. What is relevant will have to do with user training, being able to collaborate and generate a new cycle of internal training. If the organization has already suffered an attack and you are sure that it stopped the hack, a review is necessary in order to discuss the incident response plan and decide if it requires any type of adjustment, based on the errors of that first time. Communication with IT is vital to ensure that vulnerabilities already exploited will not be used again by attackers.
Cloud data risks
More and more companies are working with their data in the cloud. We could say that it is an almost essential element for the digital transformation of businesses in the world, because among its benefits we find savings in infrastructure or servers, improvements in access, more agility in execution and storage tasks, among others.
However, this rising trend also brings many risks related to cybersecurity; especially if appropriate preventive measures are not taken into account. It is one hundred percent necessary to comply with security standards to protect user data and the information of companies (more than valuable assets) that is uploaded to the cloud, to avoid the threat of cyberattacks and unrestricted access by third parties.
Use of secure networks
Remote work, constantly growing as a result of the pandemic, has generated more traffic and connections from perimeters located outside the office. This, without a doubt, entails risks in access to the company network. So, every company should educate its employees and promote the use of secure networks. An example is the use of a VPN (Virtual Private Network), which consists of a private network to which different computers are connected in a safe way. These VPNs require user authentication with name and password, and can ensure the secure exchange of data between the main network and remotely connected equipment.
By Sebastián Stranieri, founder and CEO of VU. The above is an excerpt from his book -free download- “B2B sales for startups”, in which he develops the stages that lead to a successful online sale.