The Footwear Technology Center of La Rioja, CTCR, organised on July 13th, an information day on how to protect companies against possible "cyberattacks". Carried out by Clavei, the event was attended by more than thirty companies of La Rioja interested in securing the protection of their business systems, due to the growth of this type of attacks, more and more frequent in small and medium companies. This masterclass was given by Carlos A. Rodríguez, director of systems and cybersecurity department of Clavei, who shared the fundamental protection standards to take measures to avoid the dreaded cyberattack, emphasising the vital importance of protecting all our data, and not just act when we already have the problem.
It should be noted that no company is free of this type of problems, although it is true that SMEs tend to be more vulnerable due to the minimal investment they make in this area.
We are constantly being attacked, even without realizing it, they may be automatic robots, criminal groups to make money, countries in Cyberwar, hackers hired by our competition, even from within our own organization, disgruntled employees who have had access to our confidential information.
Viruses have been constantly evolving; there are lucrative viruses, phishing spam, DDOS and ramsonware, which can leave our company inoperative.
To avoid and protect us from cybercrime, it is essential to comply with some norms:
1.- We must have an updated antivirus and anti-malware.
2.- Perform system updates periodically.
3.- Having a reliable backup; this is only achieved by checking the restoration on another computer from time to time.
4.- Have a contingency plan against possible attacks. In case it happens it is advisable to turn off, notify and look for the backup.
Ignorance exposes us, it is better to dedicate resources to security than to become a statistic. There are good practices to be permanently protected against these crimes, so it is always recommended to have a system to control access to critical information of the company and correctly establish the permissions per user.
On the other hand, we can also count on a system of perimeter security and communications control, as well as web applications that make difficult the access to the servers.
We must take into account that vulnerabilities in the software and in our operating system are detected and used by hackers to take control over our infrastructures, so it is extremely important to have our operating systems, applications, programs and website updated if we have a content manager.
Professional advice is very important to achieve a constant development and maintenance of prevention measures.
Finally, the training of users is a key element. The leak of information voluntarily or not, has a human component, so it is necessary to keep a check on the webpages that are visited and not open mails that are not related to the company, with unknown or dubious origin.