Cyberattack

According to Alejandro Villar, director of Cybersecurity & Technology Risk at Repsol, we assume that sooner or later we are going to receive any type of computer attack or cyber attack, but the question we must ask ourselves is “If we receive a cyber attack… How are we going to react to it? What is my action plan?”

Introduction: The Cyberattack in Spain

In Spain, the majority of SMEs (Small and Medium Enterprises) do not consider the possibility of being attacked because they compare their company with a larger one: if a cybercriminal had to choose between one or the other, attacking the company with more benefits would be the more attractive option. However, the larger company most likely has greater security, unlike SMEs, which, along with individual users, are currently the ones suffering the greater number of cyber attacks.

This is why, whatever the size of the company, it is important to take security measures to prevent cyber attacks and create a continuity plan, so that if attacked, the company does not lose continuity and can continue with its activity.

In this article we will see which are our best allies to combat cyber attacks, as well as what are the most common mistakes that we should avoid. Keep reading!

Cyberattack: Measures to combat it

These are the different aspects that must be taken care of to avoid the cessation of the company's activity in the event of a cyber attack:

1) Backups

Absolutely all company data must have a backup copy, so that in case anything happens to that data, we have a backup of it.

We have several options, such as making backup copies in the traditional way and saving the data on physical media such as hard drives. This is not recommended, however, since the data can be lost through accidental deletion caused by human error or through a hard drive hardware failure.

It is best to have the backup copy in the cloud or externally in a highly secure area.

There is a method for making backup copies that aims to guarantee access to a backup copy so that the data can be restored whenever necessary. This method is called the 3-2-1 rule.

This rule states that three backup copies of the data we want to protect must be made and maintained, that at least two different media must be used (so that not all copies are kept in the same place), and that one of the three copies must be outside the company (in the cloud).
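The 3-2-1 rule expressed as a check over a backup inventory, as an added example that is not part of the original article: a copy counts toward the rule only if its SHA-256 digest still matches the source, so a corrupted off-site copy is reported as a gap. The `BackupCopy` record, the media names and the sample data are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:      # hypothetical inventory record
    name: str
    medium: str        # e.g. "external-disk", "nas", "cloud"
    offsite: bool      # True if the copy is stored outside the company
    sha256: str        # digest computed when the copy was last read back

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def check_321(source_sha256: str, copies: list[BackupCopy]) -> list[str]:
    """Return the 3-2-1 violations found; an empty list means the rule is met."""
    findings, valid = [], []
    for c in copies:
        if c.sha256 == source_sha256:
            valid.append(c)
        else:
            findings.append(f"{c.name}: digest mismatch, copy cannot be trusted for restore")
    if len(valid) < 3:
        findings.append(f"only {len(valid)} verified copies, 3 required")
    if len({c.medium for c in valid}) < 2:
        findings.append("verified copies use fewer than 2 different media")
    if not any(c.offsite for c in valid):
        findings.append("no verified copy is stored outside the company")
    return findings

# Constructed sample data: one source file and two inventories.
SOURCE = b"customer database export (constructed sample)"
GOOD = digest(SOURCE)
BAD = digest(SOURCE[:-1])   # simulates a truncated or corrupted copy

compliant = [
    BackupCopy("disk-A", "external-disk", False, GOOD),
    BackupCopy("nas-1", "nas", False, GOOD),
    BackupCopy("cloud-1", "cloud", True, GOOD),
]
# Same inventory, but the only off-site copy no longer matches the source.
degraded = compliant[:2] + [BackupCopy("cloud-1", "cloud", True, BAD)]

if __name__ == "__main__":
    for label, inventory in (("compliant", compliant), ("degraded", degraded)):
        print(label, check_321(GOOD, inventory) or "3-2-1 rule met")
```

Running the same check after every backup job, with digests recomputed from the stored copies, turns the rule into something that is verified rather than assumed.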

2) Establish a confidential data erasure system

Given that companies have an obligation to store sensitive information about both the company itself and its clients, it is useful to know that, generally, this information can be deleted after 4 years, with some exceptions.

This is why we can avoid unnecessary vulnerabilities if we delete this confidential data once the period of time for which we are obliged to maintain said information has passed.

3) Security when teleworking

Teleworking has become a more common option, due to the current situation and the pandemic. This opens an immense security gap if appropriate measures are not taken, such as establishing a VPN or raising awareness and informing our employees about the importance of cybersecurity from home, since it is easier for cybercriminals to carry out an attack over an unsecured network.

What do we do when we have workers working from a network other than the company's secure network? The answer is very simple, just implement a VPN (virtual private network) that redirects our data traffic securely or establish an encrypted connection.

4) Have the possibility of using disaster recovery

Disaster recovery is a defined process to recover data and functionality in the event of a system interruption due to a disaster, whether natural or human-caused.

This will be our last resort for critical situations in which our company has been affected by an attack or natural disaster. We will resort to this option when the company has lost continuity and we need to restore its normal operation, since it allows us to protect and restore the data and operations of the company so that it can continue functioning.

5) Learning and Continuous Improvement

Analyze the incident to learn from it. What could have been done better?
Implement preventive measures and update your security policies. Train your team to be prepared for future cyber attacks.

Recommendations against a cyber attack

Now that we have seen the measures to combat a cyber attack, let's take a look at the recommendations to take into account:

● Protect equipment
Use an antivirus and keep your computer updated to the latest version to fix possible security problems.

● Strong passwords
No more common words or words that appear in the dictionary, family names or our favorite team. Letters, both upper and lower case, numbers and symbols must be combined, taking into account the length, since the longer the password, the more difficult it will be for the cybercriminal to obtain it.

● Use security protocols
To share or send data we must always use a reliable and trustworthy method, and never share data through unknown sources or unreliable sites.

● Check the authenticity of links and profiles
As for email, it is very important not to open links from unknown or untrustworthy sites. If we do not know who sends it or we do not expect any email, it is better to be safe and not open any link contained in it. On the other hand, we have to be extremely careful with social media profiles and take care of the information we share.

● Avoid giving personal information
It is best to never give out personal data unless it is strictly necessary, since in this regard any kind of security that we can apply will never be enough. The less personal information we share the better, and we should also take into account who we share it with.

● Do not download pirated content
It is very common to download pirated content, and many malicious users take advantage of this route to place malicious files on the system in order to carry out an attack from there, which is why it is better to check the website before downloading anything from any site.

● Make backup copies
As we have mentioned previously, it is very important to make backup copies, following the 3-2-1 rule, so that if we lose information we can recover it quickly and easily.

● Prepare a contingency plan/action protocol
It is important to note that, even if we take all possible safety precautions, nothing assures us 100% that we are free from danger, which is why we must always develop a contingency plan to know how to act and what steps to follow so that, once the attack has been suffered, the damage is minimal and we can return to functioning correctly in the shortest possible time.
This plan includes the technical, human and organizational measures necessary to guarantee the continuity of the business and operations of a company or organization.

Most common errors after suffering a cyber attack

Once we have seen the measures we can take to prevent a cyber attack, let's see what are the most common mistakes to avoid after being victims of a cyber attack.

1) Be confident after suffering a first attack

The most common thing is to invest in improving security systems after suffering the first attack, but then to relax once these improvements are in place. This is a serious mistake, since cybercriminals also learn and find new ways to violate the system.

It is important not to fall into this mistake and not to take our eyes off cybersecurity: read the news and stay up to date with the cybersecurity of our company.

2) Hide what happened

The most normal thing, when a company receives an attack and does not respond efficiently to it, is that it tries to hide it from its customers.

This is another serious mistake. On the one hand, the company has the obligation to inform its clients that their information could be in danger; on the other hand, clients must be aware of the attack in order to take security measures against it, such as changing the account password, reviewing the integrity of the data...

In the opposite case, in which we have a contingency plan for an attack and act effectively, it is a good idea to communicate this to clients to demonstrate that the company responds correctly to attacks, generating trust and security in the client.

3) Do not collect data or analyze what happened

It is very common that, once an attack is received, alarms go off and all attention is focused on recovering the continuity of the company, even going so far as to format the devices in order to achieve that goal. But there is something even more important. We must ask ourselves: What exactly happened? How did we suffer the attack?

We have to identify the main cause of the attack in order to know what measures to take in response, since an attack is carried out on a vulnerability, whether through a pen drive, a malicious link in an email or by accessing with a user's credentials. If we know what the cause was, we will immediately know what measures to take so that it does not happen again.

For example, in these three cases:

  • If it was through a pen drive, it would be advisable to restrict their use on a computer with sensitive information.
  • On the other hand, if the problem was a malicious link received by email, it would be advisable to keep our workers informed about “phishing” (a widely used method of cyber attack, which consists of obtaining confidential information fraudulently) and to make sure they do not open suspicious emails or emails of unknown origin.
  • Finally, in the event that any user's credentials have been exposed, it would be a very good option to enable double authentication before accessing the system.

4) Do not ask for help from a professional

It usually happens that, after receiving a computer attack, the company contacts its trusted IT specialist to solve the problem. But these IT specialists, who are in charge of fixing hardware problems on computers or installing new software on them, are not cybersecurity experts, so they lack the knowledge and resources necessary to deal with a problem of such magnitude.

This is why it is a very common mistake, when the correct response would be to ask for help from cybersecurity experts to solve the problem in the best possible way and return to normal as soon as possible.

We hope that this article on cyber attacks has helped you to better understand how cybercriminals act and how you can protect yourself.

Remember that prevention is key. Keep your systems up to date, use strong passwords, make backups, and educate employees about cybersecurity. It is always advisable to have a contingency plan and an action protocol to face these scenarios.

If you have any doubts, you can contact us. You can also, if you wish, read the articles we have written on our blog.

Author

Manu Martinez
