Latin America. In the context of the celebration of micro, small and medium enterprises, which is held on June 27, Guardicore shared its decalogue of cybersecurity recommendations, especially designed for SMEs that have hybrid work.
The importance of SMEs is that they represent up to 99.5% of companies in Latin America and 25% of the GDP of this region. At the same time, they are a target of cybercrime, due to the few controls and security measures they have.
For Oswaldo Palacios, senior account executive of Guardicore, SMEs make a mistake by believing that they will not suffer a cyberattack because they are not a large company. "This business sector in Latin America is a relatively easy target for cybercrime, due to the few cybersecurity controls that exist and the lack of training of personnel in computer science, coupled with the small budget allocated to this area."
According to the United Nations Development Program (UNDP), this business sector has had to allocate additional technological resources to adapt to working from home, but it has also been exposed to the cyber risks that this implies, such as being victims of cyber attacks and fraud.
That is why Guardicore, in the voice of Oswaldo Palacios, shared with us 10 basic cybersecurity measures that SMEs must implement, considering that in many cases they do not have a specialist or area in charge of safeguarding the security of their data and information.
1. Training. "The first line of defense is knowledge" we cannot defend ourselves from situations that affect us without knowing their origin and how to mitigate it.
2. Have other cybersecurity tools besides antivirus. There are different visibility and security solutions on the market at an affordable cost.
3. Limit the access of own devices to the corporate network. The BYOD (Bring Your Own Device) model can be useful, but if left unchecked it will become a cybersecurity threat.
4. Have a disaster recovery plan in place. Companies should have a clear map of steps to take in case of a contingency, there may be variations, but at least having a guide of what to do will help us when facing a real threat.
5. Assess the risks. In every organization there is more important information than another, critical data must have a different treatment and controlled access.
6. Do not see the IT department as an expense. More and more companies are owing their success to computer systems and their proper management.
7. Choose suppliers correctly. A consultant must answer our questions and clarify any issue regarding your product or service, this will give us the guideline to know if you hire or not.
8. Have backups. In addition to the contingency plan, it should be taken very seriously to support the information; In the face of a ransomware attack can be the difference between operating again in a matter of minutes or taking hours to days.
9. Always use a VPN when there are connections from outside the offices. This helps control who accesses the network and places a digital barrier to critical assets.
10. Be up to date on updates. All company assets must have an upgrade program to new versions, some attacks can be mitigated only by having the latest version of software.
Final Considerations
Palacios said that it is vitally important to always know at all times who accesses the information. "More than once we have heard that information was deleted or stolen, this is due to lax database access policies or the non-existence of them." To this he added that identity theft and misuse of personal data are fertile ground for cybercriminals who have found an attractive market in the sale of information.
Finally, the specialist stressed the importance of developing a Cybersecurity Policy and constantly reviewing it to ensure that it fits the real risks, and not least, if an SME suspects that its network has been compromised, or if it observes an unusual activity, it should consult with an expert.
Leave your comment