Technology has brought companies many benefits, but it has also brought some problems. With the internet, concern about information security has redoubled.
This is because the number of people and companies affected by the malicious action of others in electronic media has been rising in recent years, reaching high levels.
According to the 2019 Internet Security Threats Report, web attacks rose by an average of 56% worldwide in 2018 compared to 2017.
The two-year comparison also indicates, for example, that 48% of malicious files sent as email attachments were Office files.
The news is not good for companies, which have seen the average number of attacks on their systems increase from 42 (between 2015 and 2017) to 55 (in 2018 alone).
According to the report, threat groups have shown an interest in compromising operational computers in order to disrupt business operations.
The survey further pointed out that organizations tend to be most impacted by email-based attacks, as email remains the primary communication tool for businesses.
You may wonder whether these numbers really affect your business, as they are worldwide. Well, know that Brazil was considered the country with the second-highest number of cybercrimes in the world.
62 million Brazilians were affected by these crimes in 2017, causing a loss of 22 billion dollars.
Therefore, it is a mistake to think that a company should focus only on putting its strategic planning into practice while forgetting about information security in the business.
On the contrary: measures to protect internal and customer data must be part of the strategic objectives of any organization. Do you know why?
Because information is already part of the business's assets, whether it is internal data, that is, data belonging to the organization, or customer data.
Just think about all the inconvenience your business can have if an employee disables, for some time, the antivirus of the computer he works on and unknowingly downloads an infected file.
This can even compromise the entire company network, corrupting important files for the progress of activities and for the organization's own strategy.
Imagine if you needed to delay the delivery of a product to an important customer in your portfolio precisely because all files relating to that project were lost due to cybercrime!
Your customer will be dissatisfied and may not even close new contracts with your business, migrating to your competition. This will translate into financial and image losses for your company.
You have already realized the importance of information security, haven't you? But what is it, really? Read on to understand a little more about this concept.
What is information security?
Information security is an entire process that aims to ensure the protection of the data set of an organization and its customers.
As we said, information is now part of the assets of any business, as it is part of the intellectual property of organizations.
It is accompanied by knowledge, practices, techniques, processes and technologies, and the combination of all these factors constitutes the competitive advantage of the business in the market.
Therefore, information does have economic value for companies precisely because it must be confidential and accessible only to authorized persons. That is, it needs to be protected.
In this sense, information security is based on three basic pillars that all business management must know about. They are:
- Confidentiality – is nothing more than the privacy of a business' data, and it must be ensured that only authorized people have access to it;
- Integrity – this is the guarantee that data and settings are changed only by those authorized to do so, preserving the consistency and reliability of information;
- Availability – refers to the need for data to be available and accessible for consultation by authorized people at any time they require it, ensuring the agility of processes and tasks.
You are probably already curious to know how to guarantee these principles, that is, how to put information security into practice in your company.
However, let's first explore some of the main threats that exist in electronic media and that very commonly affect organizations.
Main risks existing on the Internet
If technology is dynamic, with new configurations emerging all the time, so are the attacks devised against systems.
The more protection software is developed to avoid any problem, the more new malicious items are developed by so-called hackers, who are always working to get into other people's computers and systems and steal information.
Check out, below, some of the main risks existing on the internet today, against which you should be careful in your company.
Viruses are perhaps the most familiar threat to everyone, as we have either already been victims of a virus or we know someone who has been.
This is malicious software or code designed to spread from one computer to another (like a human virus), changing the way those computers work.
The virus inserts or attaches itself to a legitimate document (or even a program) so that the user opens the file or installs the software without realizing that it is compromised.
The effects of viruses are often very harmful, as they are capable of corrupting or destroying data, as well as damaging software.
The internet security survey we presented at the beginning of this article also indicated that 81% of ransomware infections in 2018 were in companies. But what is this threat?
Ransomware is malicious software that, like viruses, infects computers, but it behaves differently: it demands that a fee be paid to make the system work again.
Ransomware can prevent the system from functioning by encrypting important files with a password or simply by blocking the computer screen.
This form of criminal profit is usually installed through misleading links made available in emails, websites and even instant messages. The same survey cited, for example, found that one in ten shared URLs in 2018 was malicious.
Spyware is a program that acts as a spy, since it installs itself on the machine without the user noticing it, observing and collecting data about activities such as browsing history.
After obtaining this information, spyware transmits it to an external source without the user's consent. Its goal, then, is to monitor the data.
However, it is wrong to think that spyware is only used by individuals with bad intentions. Many companies are using this feature to monitor the activities of their employees.
Thus, they can have a view of the time they spend on a certain website or program, identifying the user and controlling access and security of the machines.
The term phishing comes from the English word "fishing". And that's exactly what this threat does: criminals fish for sensitive data from victims who, like fish, "bite the hook".
This "hook" is usually a malicious link in an email, which directs the user to a site that looks reputable at first glance and asks them to enter personal data in order to access something.
Another very common type of phishing is banking related, in which the victim is taken to a page that looks like their bank's and is asked to update their information.
The victim ends up supplying their bank details under the illusion that otherwise they will no longer have access to their accounts. Thus, the criminal receives all the information to use as he wishes.
The name malware comes from the combination of the words malicious and software, which already indicates that it is malicious software. It enters the computer illegally, aiming to either damage the system or steal information, whether confidential or not.
Viruses, ransomware and spyware are all considered malware, which can be seen as the set of these practices that compromise the operation of devices and information security.
But it is noteworthy that not all malware is malicious, as some companies use it to gather information about their customers to offer them more targeted advertising.
However, you have to keep an eye out, because when this is the case, the malware will ask for authorization to be installed on the machine.
This risk is closely linked to companies. These are people with fraudulent purposes who impersonate employees or someone connected to the business to gain access to information.
For example, someone sends an email to an employee posing as the president of the company and starts asking for help with a certain issue, culminating even in bank transfers.
Phishing is a social engineering tool, and social engineering can also be carried out by non-digital means, such as phone calls.
As we have seen, there are many risks to information security that a company faces, and the consequences are extremely negative for those who are their victims.
Whether it is the loss of a database or the overexposure of internal or customer information, the damage is to the company's finances, image and credibility in the market.
You probably don't want this to happen to your business, right? Therefore, in the next topic, we have separated some tips for you to ensure the security of information in your company.
How to ensure information security in my business?
There are so many existing threats that one can even become totally discouraged, thinking that there is no way to effectively protect oneself from all of them. This is just not true!
There are some alternatives that, when used, help a lot to protect companies' data, keeping it safe and less exposed to hackers and malicious programs. Get to know them below.
Create an information security policy
The first step for companies is to create an information security policy. It will define each person's responsibilities for ensuring data security.
This document also determines the attitudes that guarantee this safety, indicating good conduct practices to all those involved and, with this, making the performance of employees homogeneous in this regard.
Get an antivirus
The use of antivirus is already so widespread in society that many individuals buy software of this type or install free ones on their computers, tablets and even cell phones.
This is not for nothing! Antiviruses, when of quality, are always being updated by developers, being able to protect machines from old and new viruses.
In addition, many current antiviruses can also detect intruders and risks such as spyware and phishing, alerting the user before he falls into a scam.
In the case of companies, the ideal is to have a corporate antivirus, which is more effective for organizations than the common antivirus products on the market, ensuring the high availability of systems.
Update software and drivers
Many hackers take advantage of holes in systems to break into them, and these gaps can be found in outdated software and drivers.
It is precisely for this reason that vendors are always offering updates for their programs, such as Windows itself, correcting potential flaws and giving greater security to the systems.
Thus, it is essential that IT managers monitor these updates and apply them to the company's machines to ensure the protection of data and systems.
Control access to data
This step is essential to ensure the security of company data. Not all employees need access to everything, right?
Usually the information is divided by the interest of the areas that need to use it. So it's important that your IT staff restrict access to those who really need it.
Can you imagine if an employee accidentally deletes some important information from another area? Think about the internal and external impact this can have!
Furthermore, it is worth encrypting strategic data, so that it can be accessed only by those who hold the private access key assigned to the file.
Back up constantly
Errors, such as deleting a file that shouldn't be deleted, are common, but being on the lookout for them is critical.
One solution is to perform backups constantly, storing the data in reliable locations that are easily accessible to the people who work with it and are authorized to obtain it.
A good option for this data storage is the cloud, where there are already specific services that aim to preserve the security of stored information.
As you have seen, information security is crucial for any business, ensuring the protection of internal and customer data.