Bruno Talpo

Marketing Analyst Brazil

Information Security refers to data protection that people and companies handle daily and to the practice that ensures that sensitive information can only be accessed by its owners; it is a great ally for companies, as it is responsible for preventing anyone from improperly distributing sales data, profit margins, competition, among others; it is also important for users of technological devices and who have access to the internet, so that no one has access to photos, videos, personal information.

We share a few tips so you can include digital security in your personal and professional life:

Danger of digital life at home

Many examples can be cited, but there are some very specific and that we cannot fail to mention:

1. Lack of digital hygiene: refers to healthy habits, for example, not be on social media for more than one hour a day, disconnect from the cell phone at 9pm, since in the morning almost always the first thing we do is to look at our mobile device.  
2. Current digital threats: do not reply to or click links received from unknown senders, do not accept invitations of people that you do not know in social networks, nor exchange photos or have public profiles.   
3. Not updating the devices, you use is a great danger, since we must have the newest version installed of antivirus and programs to avoid contingencies.  

Most common types of cyber risks at home and at work

As well as the dangers of digital life, there are many cyber threats to information both at home as in the work environment, we can mention a few: 

1. Ransomware: a link or attachment is received by email and if you click on it or download it, it can block the screen and hijack data, asking for an amount of money so that you can have access to the information and to the device again.    

2. Phishing: is identity theft; we should be able to recognize when we are being misled to share passwords, credit card numbers and other confidential information. 

3. Fake news: appears every day in various unreliable media and it is where information that is not correct is disseminated.
4. Grooming: is when a malicious person seeks to chat with children making indecent proposals; this is why the use of technology must be supervised constantly.

Teleworking Security

Although we know that information can be put at risk in the work environment, there is more risk working from home, since we are not going to be aware of devices that protect navigation as firewalls; some people have Wi-Fi well secured, others connect to public networks and other people could have a high probability of opening files from unknown senders or fall for identity theft.  

Ideally, companies should train and make employees understand what the risks are and the ways to protect themselves, while we are at home teleworking. 

Mobile Security Precautions

• Avoid giving verification codes that we receive from SMS; since this is the way they are using to hijack WhatsApp accounts and social networks as Instagram.
• Avoid entering links sent by unknown senders, since some sites download malware or can be blocked with the purpose that cybercriminals can obtain login credentials.  
• Install applications only from the manufacturer´s store; be careful not to install badly ranked applications, since some have been able to break security protocols;    
• Have a good mobile security solution to protect your device.

How to create an effective security policy from the companies?

Initially, a security policy must be aligned with business objectives, based on a standard of best practice and among other things, have complementary policies that leverage out objective.    

Security processes that allow to establish administrative and operational controls must be considered to effectively carry out adequate risk management, within the framework of confidentiality, integrity and availability of the information, complying with legal and regulatory requirements and in constant search of continuous improvement.   

We can talk about policies on internet use, passwords and how information is classified regarding complementary policies, and some others that guarantee that the company´s people are trained in this regard with everything related to Information Security in the company.  

Essential Security Tools in Corporate Security

A good firewall or a proxy on the part of infrastructure is be able to block dangerous sites, but since many of us are teleworking it is important to have a remote monitoring software.

Tools that ensure safety in operations or if transactions are made are important and, for this, there are ERD: machine learning capabilities and DLP: that monitor the organization´s network to prevent information, emails, cloud storage applications, social networks leak or even disable physical ports on devices. In the same manner, a good antivirus is essential and preferably if it comes with ransomware protection, as well as a password manager software.  

Tools for comprehensive risk management will become a trend for next year, which will be used to scan vulnerabilities both in information systems as in the network itself.  

Security Challenges for Companies

• Really understand what is information security and its importance for business.
• Create a risk conscious culture.
• Adapt business continuity to the new normal, since many companies had to migrate their infrastructure to the cloud. They will encounter concepts as private cloud, public cloud, hybrid cloud, zones, software as a service, infrastructure as a service, platform as a service, etc.  
• Effectively balance compliance and security information, and the result of this is risk management.