Today, the International Information Security Day 2023 is celebrated as an initiative Raise awareness among companies and consumers about the importance of protecting digital informationdata, files, networks and devices.

Under a name Computer Security Day and Association for Computing Machinery (ACM) began in 1988 as an initiative aimed at educators, researchers and computer professionals to raise awareness in an increasingly digitized society about the challenges facing computer security and to motivate everyone to Let’s protect privacy, personal and business information. Since then, it has been celebrated every year on November 30, and from here we wanted to contribute some practical advice that can help us protect our data.

And it’s not easy given that cybercriminals are usually ahead of the curve. The introduction of malware on all types of platforms has taken hold, and increasingly better programmed viruses, trojans, worms and all manner of specimens are finding loopholes to sneak in, mainly through software vulnerabilities. From there, major attacks (mainly ransomware and phishing) are programmed to cause breaches and information leaks in any area.

International Information Security Day 2023: MSP

To talk about “information” is to talk about one of the main assets of the company regardless of the sector they operate in, let alone a more sensitive environment such as finance or healthcare. And a good part of a company’s strategy for business success is the use and management of information and its ability to protect it. In addition, in the era of data protection, compliance with legal requirements in the field of document management is an imperative.

It coincides with this world day Computer Security DayThe Spanish National Institute for Cyber ​​Security (INCIBE) has published a number of basic measures in the protection of information. We summarize them for you by adding those related to sensitive data, which are even more dangerous if they fall into the hands of third parties.

Information access control. Limiting access to information is one of the most important practices. This is because the fewer people who have access to the information, the lower the risk of it being compromised. Every company must follow the principle of least privilege, that is, the user must have access to the information absolutely necessary to perform his functions. For this, the following steps must be followed:

• Define the types of information existing in our company, such as: data, accounting, clients, marketing, production, etc.
• Determine who has access to different information.
• Assign who can authorize access to certain information and how.

Advances. Creating backup copies is a basic security method of protecting information.
The media chosen to store the backup must be reliable. There are three variables to consider when creating a backup:

• Analyze the information that will be copied, the systems and storage where it resides with comprehensive security software.
• Periodic recovery tests should be performed to ensure that there are no problems when information needs to be recovered.
• Control of copy media must be maintained by marking and recording the location of the media.

Website access and secure shopping. In order to ensure this practice, one of the measures may be to check the company’s legal information. In the information section of the online store, due to different legal regulations, the following must appear: “Legal notice”, “Terms of use” and/or “Personal data protection policy”.

Another measure to ensure security is to verify that a secure communication called HTTPS is taking place. You need to check if the website is sending information in secure HTTPS mode. The function of this protocol is to protect the information exchanged during the sale and to guarantee that it travels securely, without being intercepted by third parties.

In addition, trust seals are another method that online stores provide to verify the security of a sale. Stores that have these seals provide consumers with confidence in e-commerce as well as a code of conduct.

Email protection. Email is one of the main tools of the company. Therefore, anti-spam filters and more confidential message encryption systems must be added to ensure the protection and privacy of company information. Here are some best practices for increasing email security:

• Provide regular employee training and awareness to minimize human risk.
• Establish regulations for the use of e-mail.
• Install security measures on the email server and computers.
• Implement multi-factor authentication (MFA) to avoid compromising accounts.

Cloud, network and local storage. Cloud storage technology consists of a service offered by various Internet providers that works much like a remote hard drive. Its main feature is the ability to access it from anywhere and on any device.

It allows you to have a common workspace where you can store information and share it among different users of the company. Another alternative is network storage servers. On the other hand, there is also the possibility of saving information on the hard drives of local computers. Storing information on tablets and mobile devices is considered a local storage system. It will be up to the company to decide what information to store about what type of support, depending on the security policies they are attached to.

Workplace protection. Access to corporate information, services and networks is done from the workplace. Therefore, it is vital to establish regulations governing the use of this equipment. Among other things, it is recommended to use the clean desk policy and block the session when you are not present at the workplace during the working day.

Sensitive data. Protecting sensitive data is an ethical and legal obligation that has become a challenge for small and medium-sized businesses. Increasing security while respecting citizens’ right to privacy is undoubtedly a big challenge that requires proportionality and balance. We leave you with a few tips that can help protect data and minimize the likelihood of non-compliance:

• Lock down and protect confidential client, patient or employee data.
• Restrict employee access to sensitive data with a network lock.
• Recycle and destroy customer, patient or employee data when not required.
• Implement a privacy policy reviewed at least annually and employee training.
• Use passwords. All employees must have their username and password changed at least every three months.
• Using data encryption helps protect the privacy and security of your computers.
• Secure remote access to your corporate network using virtual private networks.
• Update systems and software regularly.

International Information Security Day 2023: Consumers

Considering that cyber security, both individually and collectively, is a responsibility that affects us all, consumers can do a lot to protect digital information, and safety starts at the personal level.

We must understand that virtual life today must be protected as much as physical life, and that domestic tasks have become dangerously mixed with professional ones. It is therefore appropriate to strengthen computer security, which is known, but we do not practice it as we should. We leave you with what we understand to be the main ones at the user level:

Common sense. As always when we talk about cyber security, caution is the preferred barrier against malware, so we must be especially careful when downloading and installing apps from unsafe sites; when browsing certain websites; when opening unsolicited emails or attachments; in those originating from social networks or messaging applications, or in the use of out-of-date operating systems and applications that contain vulnerabilities that cybercriminals can exploit for malware campaigns.

Protect browsers. All web browsers contain advanced security features that we need to check and configure for activation because they are the applications we use to access the Internet and its services. In addition to checking end-to-end encryption when synchronizing or sandboxing, we should pay attention to warnings about dangerous pages displayed by browsers. Also check your installed extensions, as some are a frequent source of malware installation, and consider using “Private Mode” (or Incognito Mode) to improve privacy.

Update your operating system and apps. All operating systems provide updates with security patches for known threats that must be installed. With automatic updates, you don’t have to search for updates online or worry about critical patches or missing Windows device drivers on your computer. Just as important – or more – than the above is updating your installed apps to the latest versions, as these usually contain security patches.

Use a security solution.

Antivirus and other security solutions are recommended as they can prevent the introduction of malware. Operating systems usually have native built-in systems, and there are specialized providers that offer a large number of security solutions, many of which are free, that we can use. An advanced user or professional should consider using a comprehensive commercial security suite that includes tools such as a firewall and specialized tools against Ransomware, Phishing, adware or spyware attacks.

Manage passwords well. Another golden rule for improving internet security (besides using advanced biometric identification techniques if your device allows it) is to have a strong and different password for each website. Passwords are certainly an unattractive method for users, but they are still the preferred method of authentication for accessing Internet services or logging into operating systems, applications, games, and all types of machines. Consider using password managers who are able to do this work for us.

Use two-factor authentication. 2FA is an access control method that you may know as “two-factor authentication”, “double identification” or “two-step verification”, which has become one of the most important security mechanisms in the technology industry when it comes to authentication. users and protect identities. Two-factor (or two-step) verification provides an additional level of account security, as it’s not enough to crack a username and password.

Use backups. There is simply no such thing as 100% security in the connected world, and not just because of a virus, as a hardware failure can cause the loss of valuable personal and/or professional information. Therefore, making backup copies (what we know as a backup) is highly recommended when it comes to keeping your data safe.