Technician Pablo Testuri – Information Technology – [email protected]
As technology advances and is installed in every corner of companies, threats and cyberattacks accompany this advance. It is of the utmost importance that companies that want to protect their data and information invest time and resources in the implementation of security policies. These are used to support processes and define controls in order to protect the most valuable thing that a company has: its information, in particular, personal and customer data.
What the pandemic left us
During the pandemic, cyber attacks and threats grew exponentially. After three years of health crisis, we see that the workplace has changed. Some companies fully returned to face-to-face work, others opted for complete teleworking and finally there are those that have a mixed regime. For this reason, it has been necessary for companies to adapt by creating teleworking standards and policies.
Sometimes we lose sight of the fact that teleworking can go beyond the “Home Office”, it is taking the office to our homes, airports, cafeterias or anywhere from where we can be working. The simple fact of getting up to buy a coffee without blocking the screen of our equipment or answering a call without paying attention to who is next to us, can create a threat to our information or an access door to sensitive customer data.
Something that has become very common at this time is the use of mobile phones. But most users are not fully aware of the scope of these devices and the information they contain, from the personal data of our contacts to sensitive information on credit cards, bank accounts, emails, photos, etc.
Training: Fundamental Investment
Something as simple as the use or management of our devices when we connect to public Wi-Fi networks without security, actually carries an important and latent potential danger. You have to keep in mind when making a transaction, whether it is an online purchase or a simple transfer, always be connected to a protected network or use your own mobile data. It is directly recommended not to access public networks without protection and, if necessary, use it prudently, exposing our data to a minimum.
In this context, the awareness of employees becomes essential. It is necessary to define a training plan to make employees aware of the importance of the information they handle and the threats to which it is exposed. Also contemplating how to anticipate and prevent eventual attacks or mitigate the impacts that may result from their concretion.
A company can invest fortunes in security, the best firewall, the most expensive antivirus, create the most complex network, but if it does not create a good training and awareness plan for its employees, it is very possible that it will still be a victim of cybercriminals. In computer security, the Achilles heel is the end user, a simple carelessness or distraction leaves the entire company vulnerable.
At BDO we believe that Information Security is a point to take into account in any company, a strategic point in which we must invest a lot. This investment will not return in the form of profits or profits, but the return will be seen in the trust of our clients, knowing that they deposit their personal and sensitive data in an environment that will be adequately protected.
Meet our suppliers
As part of the new global context, many companies have outsourced services related to technology, server and equipment maintenance, website or server hosting, among others.
Every company should be aware of the security policies implemented by these providers in order to be certain that the data exchanged in the context of the service will be protected. Data that can be from the firm itself or from its clients. It is also important to establish control mechanisms to ensure that protection.
Final comment
It is very important to be aware of how vulnerable we can be, and therefore our company, if measures are not taken to protect our most valuable asset “information”.
It is imperative to remember that investment in security is necessary in all companies, mainly to protect their data and information and to provide confidence to customers, who ultimately are the ones who deposit their own sensitive data and information with that company. And this investment does not consist only in equipment, but it is essential to generate a regulatory framework that accompanies the incorporation of technology. And this framework must contemplate the development of security policies accompanied and supported by standards, procedures and controls to guarantee their effectiveness. Also create training and awareness plans for your employees. All these elements will position it as an adapted, safe and reliable company.