You probably know a company that has happened to it. In my case, I have seen several in recent years. I’m talking about a hacking of the computer system. The attackers have sneaked into the company’s strategy, encrypting all the files and asking for a large amount of money (in Bitcoins or similar, of course)—pure blackmail to the waterline.
And here, the worst begins. Realize that you are in your hands because either you do not have a backup system or it was not working correctly.
It can happen to anyone (or almost). Even if the company has an adequate firewall, a good antivirus and a compartmentalized information system, the weakest point is always the people.
An email that arrives from a company or well-known person and your guard is lowered. The attachment opens, and boom!! They are increasingly more elaborate so that they look like the actual sender. In some cases, the crude wording of the text or an incorrect translation of a word can give us a clue, but we must be trained and attentive to avoid falling.
Sometimes, the intruder installs itself in the system without making a noise and goes into a dormant state until he sees the right moment to act. If the hacker is very advanced, he can even infect backup copies first, which are detected later. Once he has obtained them, he begins to spread them to all the computers through the corporate network.
When you start to notice something strange and start isolating equipment, it is usually too late. From there, the ordeal begins. In some cases, it means the paralysis of the company’s activity for a time, with the resulting losses. In others, the definitive closure.
Since this is something that has come to stay and no one is free from being the target of these practices, companies have to incorporate the concept of cybersecurity into their culture
Basic Recommendations
- It is necessary to have a security plan appropriate to our needs.
- Install an advanced firewall and configure it according to the use of external connections.
- Have an antivirus that scans all email attachments and storage units.
- Limit the contact of USB drives by blocking the ports of the devices.
- Have backup copies at three levels: local, in the cloud and offline.
- Implement periodic processes for checking backup copies.
And above all, the most important thing is the training of staff. It is essential to raise awareness among all staff with access to a computer or mobile terminal of the need to follow security rules.
In some cases, the company has a mixed equipment configuration, with Windows equipment coexisting with MAC equipment. In these cases, extreme precautions must be taken because, in general, MACs are not vulnerable to Windows viruses, but they can spread them if an infected email is forwarded.
All these measures have to be incorporated into the company culture so that they are part of day-to-day life and are not considered a one-time thing. The protection systems, as well as the action protocols, must be kept up to date, with periodic meetings with the entire team to maintain awareness of the risks of cybercrime and the level of vulnerability that companies have today.
Also Read: DDoS Attack: Everything You Need To Know