Back Safety recommendations for companies during the summer

2023 / 06 / 27
Udara badator, eta horrekin batera gure langile askoren oporrak. Egoera hori aprobetxatzen dute ziberkriminalek beren helburuak lortzen saiatzeko.

Safety recommendations for companies during the summer

Summer is here and with it the vacations of a large part of our employees, a situation that cybercriminals take advantage of to try to obtain their goals. They are aware that, in this period, companies "relax" their defenses, due to the lack of personnel due to vacations, and the saturation of those who remain working, which increases their chances of success. For this reason, from ZIUR we want to give some cybersecurity recommendations that complement the recommendations we gave last summer.

Special attention to backup copies, to successfully address this task it is recommended to follow the 3-2-1 strategy. This strategy consists of making 3 backup copies, if possible daily; using at least 2 different supports (such as the cloud and the local disk or network disk). Lastly, it is recommended that 1 of the devices that store the information be available in a safe place outside the company. It is also vital to regularly test these backups to ensure their integrity.

Beware of temporary employees who join the organization in the summer, it is vital to raise awareness about cybersecurity among these employees, since their inexperience or lack of knowledge of the internal processes of the organization can be key in a cyber incident. It is also important to review the permissions to the systems of said users, so that they are the minimum essential, and thus, avoid possible unnecessary risks.

Emergency plan, since 100% security does not exist, all companies must have an emergency or response plan for cyber incidents and this plan must be known by all company workers, and especially by the people who are part of the cybercrisis committee. The emergency plan determines the protocol to follow in the event of any threat that may have infected your IT system or infrastructure.

Search for security breaches before you go on vacation. This task allows us to detect those vulnerabilities or gaps in your systems through which attacks by cybercriminals could slip through. Once these gaps are found, steps can be taken to fix them before disaster strikes. A good practice, to be carried out by the IT Department, is to carry out this task just before vacation, to know that your system will be updated and protected. Once you return, run this search again, to re-secure your system.

Always use private connections, especially when you are on vacation. Do you need to connect to the company email or enter the management software to do a check while on vacation and out of the office? Always do it through private connections (VPN). Do not connect to public WIFI networks, use your mobile data to establish the connection, since these connections are the perfect door for the entry of any type of malware.

Define a mobile device usage policy for the workforce. At most companies we allow our employees to use their personal phones for business transactions. We must be aware that it poses an extra risk to the organization, making it more vulnerable to attacks. A good policy for the use of own devices will help to make employees aware of the use of mobile technologies and how to mitigate the risk of attacks.

Greater role of the IT and cybersecurity team. The current digital ecosystem that surrounds companies and the risks that this implies has promoted the role of professionals in charge of managing cybersecurity in companies to take on greater prominence. It is essential that companies increase their budgets in terms of cybersecurity and that the departments involved in this issue have a greater role in making strategic decisions.