One of the latest victims of a hacking attack was the British telecommunications company TalkTalk. Its website suffered a distributed denial-of-service (DDoS) attack last October 21, and the personal data of thousands of its customers was made public on the Internet: 21,000 unique bank accounts, partial details of 28,000 credit and debit accounts, birthdates of 15,000 customers and 1.2 million email addresses, names and phone numbers.
Although no company is safe from this risk, many of them still do not take the possibility of suffering a cyber attack seriously enough. One fact that confirms this is that less than 20% of large corporations have taken out insurance policies to protect themselves against a cyber attack. In the case of SMEs, the figure is less than 6%.
But the best defense is certainly prevention. What should companies do to prevent a cyber attack? In this post we want to offer a series of measures that all companies, especially SMEs, should take to protect their main asset: their information.
This post is also available in Spanish.
Although the measures listed below may seem obvious, many companies ignore them, especially SMEs, which believe that hackers are unlikely to target them rather than large corporations that manage millions of records. The reality is that SMEs have a lower perception of risk and devote fewer resources to digital security measures, which makes them easier for hackers to breach.
The following measures do not involve significant costs and are essential to stop being an easy target for cyber terrorists:
- Keeping antivirus software updated to protect the company adequately from viruses, spyware and other malware.
- Having a firewall to ensure a safe Internet connection. This software acts as a barrier that protects the company's internal network from the outside, that is, from everything on the Internet.
- Ensuring that the firewall built into the operating system the company uses is available, installed and activated, whether that system is Windows, Linux or macOS.
- Updating the software as soon as the system prompts you to do so. This is important for installing the latest security patches.
- Systematizing the process of creating backups. This is important to keep all critical business information in updated backups.
- Protecting hardware: both computers and mobile devices must be protected to minimize damage in case they are stolen.
- Securing the wireless network: WEP encryption, commonly used by routers, is not secure. Therefore, it is important to change the encryption to WPA.
- Developing a security culture in the company: cybersecurity includes not only technological elements, such as hardware and software, but also the processes and practices of all employees who manage and use the company's information systems. It is key to establish standards and security protocols for the use of computers, e-mail servers, databases, personal devices, personal applications, etc.
It is increasingly common for employees to use their own devices to access company information. These practices are known as BYOD (bring your own device) or BYOT (bring your own technology), and they cover not only hardware but also software.
The main drawback of this practice is that if proper measures are not taken, it can be an important point of information leakage or introduction of malicious software into the company network.
- Limiting access to information for employees: companies must grant them access only to the platforms or information that are essential to do their work.
- Limiting the ability of employees to install software on computers or mobile devices owned by the company.
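To check the wireless-network measure above across an office, the following added example (not part of the original post) reads Wi-Fi scan results and reports networks that still use WEP or no encryption. It assumes the terse output of `nmcli -t -f SSID,SECURITY device wifi list`; the sample lines are constructed.

```python
# Constructed sample in the terse nmcli format: fields are separated by ':'
# and a literal ':' or '\' inside a field is escaped with a backslash.
SAMPLE_SCAN = r"""office-main:WPA2
office-legacy:WEP
guest\:lobby:
warehouse:WPA1 WPA2
"""

def split_terse(line):
    """Split one terse line on unescaped ':' and unescape each field."""
    fields, cur, i = [], [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])   # keep the escaped character literally
            i += 2
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    fields.append("".join(cur))
    return fields

def classify(security):
    """Map the SECURITY column to 'open', 'wep' or 'ok'."""
    tokens = security.split()
    if not tokens or tokens == ["--"]:
        return "open"                 # no encryption advertised
    if "WEP" in tokens:
        return "wep"                  # the insecure setting named in the post
    return "ok"

def audit(scan_text):
    """Return (ssid, verdict) for every network that is not 'ok'."""
    findings = []
    for line in scan_text.splitlines():
        fields = split_terse(line)
        if len(fields) != 2:
            continue                  # skip blank or malformed lines
        ssid, security = fields
        verdict = classify(security)
        if verdict != "ok":
            findings.append((ssid, verdict))
    return findings

if __name__ == "__main__":
    for ssid, verdict in audit(SAMPLE_SCAN):
        print(f"{ssid}: {verdict}")
```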
In our case, we have created an advanced electronic signature solution that meets the highest security requirements. Thus, all sensitive information flowing through our platform is protected against any possible cyber attacks.
In addition to the 10 measures discussed in this post, at Signaturit we have taken special precautions to protect our clients' and users' information:
- Secure Communications
We ensure the security of communications between users, our platform and our infrastructure provider. Thus, we are ensuring the confidentiality of the data flowing through our platform. The two control measures are:
- Access firewalls
Our platform is configured so that each of our servers is as restrictive as possible, establishing security groups with very specific rules. This allows public access only to those that are essential for the proper functioning of the system.
- Encrypted communications
At Signaturit, all connections between servers or clients (server to server, server to client) are made over HTTPS. This system is the surest way to access the Internet, as any information entered is encrypted, ensuring that it cannot be seen by anyone but the client and the server.
- Information Privacy
To ensure the privacy of all information flowing through our platform, our solution meets the requirements of the European Union's Data Protection Directive 95/46/EC. In Spain we comply with the transposition of this directive, Law 15/1999 of December 13 on the Protection of Personal Data, also known as the LOPD.
- Security of our storage
All documents submitted through Signaturit are stored on servers with a first class infrastructure in SAS70 Type II facilities, which have obtained the ISO 27001 certification.
In the case of electronic signatures, it is important to mention that we do not store any signatures on our platform. Each signature is made uniquely for each document. This procedure makes signatures with Signaturit safe, unlike those that can be stored in PDF format in order to copy them whenever you need to sign a new document.
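The access-firewall rule described under Secure Communications (public access only where it is essential) can be checked mechanically. The following is an added example, not Signaturit's code: the rule layout, the group names and the allow-list of public ports are assumptions, and the sample rules are constructed.

```python
import ipaddress

# Assumption: only HTTPS should be reachable from the whole Internet.
PUBLIC_PORTS_ALLOWED = {443}

# Constructed rules, shaped like a cloud provider's security-group listing.
SAMPLE_GROUPS = [
    {"name": "web", "ingress": [
        {"from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},
        {"from_port": 22, "to_port": 22, "cidr": "203.0.113.0/24"},
    ]},
    {"name": "db", "ingress": [
        {"from_port": 5432, "to_port": 5432, "cidr": "10.0.1.0/24"},
        {"from_port": 0, "to_port": 65535, "cidr": "0.0.0.0/0"},
    ]},
    {"name": "admin", "ingress": [
        {"from_port": 22, "to_port": 22, "cidr": "::/0"},
    ]},
]

def is_world_open(cidr):
    """True when the source range covers every IPv4 or IPv6 address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def unexpected_ports(rule, allowed):
    """Ports in the rule's range that are not on the public allow-list."""
    ports = range(rule["from_port"], rule["to_port"] + 1)
    return [p for p in ports if p not in allowed]

def audit_groups(groups, allowed=PUBLIC_PORTS_ALLOWED):
    """Return (group, cidr, from_port, to_port, exposed_count) per finding."""
    findings = []
    for group in groups:
        for rule in group["ingress"]:
            if not is_world_open(rule["cidr"]):
                continue              # restricted source range: not public
            extra = unexpected_ports(rule, allowed)
            if extra:
                findings.append((group["name"], rule["cidr"],
                                 rule["from_port"], rule["to_port"], len(extra)))
    return findings

if __name__ == "__main__":
    for name, cidr, lo, hi, count in audit_groups(SAMPLE_GROUPS):
        print(f"{name}: {cidr} ports {lo}-{hi} expose {count} non-essential port(s)")
```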
For more information on our security measures, click here. And if you want to know more about Signaturit, you can download the whitepaper posted below or contact us at +34 935 511 480.