The increase in teleworking with the arrival of the pandemic increased cyber crime, learn how to detect possible vulnerabilities in your company.
The loss of data or the loss of confidential information is only part of the challenges that must be faced in terms of cybersecurity.
As part of the digital transformation, companies must include a strategy according to current circumstances, where an optimal budget for cybersecurity is defined.
According to the Digital Trust Survey 2021 report prepared by PwC based on the opinion of 3,249 business and technology executives from around the world, 96% of companies have modified their cybersecurity strategy.
Among the biggest concerns regarding cyberattacks, those targeting the cloud stand out, this after many companies had to migrate their operations as a result of the pandemic.
55% of the technology and security managers surveyed affirmed that in 2021 they will increase their budget in cybersecurity, and 51% that they will increase their full-time payroll. The positions most in demand are: those specialized in solutions for the cloud (43%), in security intelligence (40%) and in data analysis (37%).
It is recommended that a financial institution carry out weekly threat and vulnerability assessments in order to reallocate resources if necessary.
Likewise, cybersecurity should be considered in all business decisions connecting business unit budgets with cyber budgets aligning risks with existing data.
Bad practices that cause incidents in cybersecurity
A large number of vulnerabilities in cybersecurity are the product of human errors within the company, so it is important to know them to counteract them.
Each member of the company has a responsibility to be part of that shield that protects the company.
External devices on company computers: Allowing the use of external memory devices (USB) exposes computers to potential malware.
Inappropriate use of company mobile devices. Accessing corporate mail from your mobile and connecting to a public Wi-Fi network can expose customer and company data.
Upload files to the cloud without encryption. Although the cloud is a good option for working with corporate files, the documents must be protected. Therefore, encryption is required, regardless of whether free or paid cloud services are used.
Do not report incidents or problems with corporate devices. Any type of incident should always be reported to those responsible for the company. With this, security breaches will be avoided.
In a situation where the pandemic has forced companies to have their workers work from confinement, home networks tend to make company data more vulnerable than in a controlled office environment.
Stalkerware: this is a type of spyware that is accepted through a link or downloaded by the user and that scans the data of the smartphone to create an image of its activities.
If the user uses a mobile device with a work focus, this type of attack could allow a third party to make written communications creating corporate email fraud, recordings, or videos that can have great repercussions for the company.
Likewise, to avoid this, it is important to have the necessary protection and to carry out preventive maintenance of personal equipment to avoid possible vulnerabilities that may represent a threat to the company's security.
Fraudulent emails: staff must be trained through processes and policies for handling confidential information so that they can detect fraudulent emails, common practices of cybercriminals.
With the pandemic, phishing campaigns related to COVID-19 have increased, where cybercriminals pose as reputable health organizations that include attachments or hyperlinks to the theft of information.
Multi-factor authentication - Implement an authentication layer that enables a comprehensive view of privileged identities within your IT environments, including a procedure to detect, prevent, or remove orphan accounts.
Remote office software: verify the security characteristics of the platform used in a remote office, its conditions of ownership of the data, and protection of privacy, portability, availability, scalability, among others.
Accesses: identify accesses to the company's services by third parties, their limits, and access to confidential data, in this way a timely monitoring of suspicious accesses and abnormal situations, as well as privileged accesses, must always be carried out.
When knowing the risks that companies face, it is important to develop a cybersecurity strategy that includes prevention, detection, and response actions in the face of these situations of vulnerability.