To reduce this type of internal or external threat, the experts give some recommendations that every business should incorporate into its usual actions to avoid putting the company’s work at risk. Some of them include:

1- Establish a protection policy

It is important that companies establish a protection policy against computer attacks. Employees must know and implement a series of security rules and protocols regarding the use of computers, emails, databases, applications, remote access…

2- Protect devices

One of the key steps to prevent a cyber attack is to ensure that all devices used in the company are properly protected. That is, having antivirus, firewalls, VPN installed to connect to the Internet privately, that is, a network system that hides our real IP address.

If employees also access through their personal devices, it will be necessary to verify that they have adequate protection to comply with the company’s cybersecurity standards.

3- Keep systems updated

A critical part of protecting a business is keeping business systems and software up to date. Not updating them regularly will make your entire system vulnerable to potential threats.

4- Use strong passwords

The passwords used in the company must be complex, that is, they must have a succession of random characters that include symbols, numbers, upper and lower case. It is recommended that, from time to time, employees change the passwords for their accounts.

5- Use only official applications

Another recommendation is to download only official licensed applications from known providers. Pirate apps can be used to introduce malicious elements.

6- Control removable devices

It is important to control the external devices that are connected to the computer and, above all, never link one of the devices to the computer through public Wi-Fi networks since they are a port of entry that is widely used by hackers.

7- Avoid personal data

Personal data should never be revealed on the internet unless it is from a known or totally reliable sender. At this point, it should be noted that the company’s data should not be used either, as it could endanger its security.

8- Create backups

Backing up data is an essential part of running a successful business. By creating regular backups, you ensure that in the event of a cyber attack, you will not suffer major losses and prevent business operations from coming to a halt.

9- Do not trust messages from unknown senders

A fairly common practice among cyber attackers is to send emails with malicious attachments. In such cases it is important to be wary of an unknown sender as it is probably some kind of fraud or deception.

10- Use the SSL certificate

It is essential to use the SSL certificate since it sends the encrypted information to the server. Web pages that use it can be distinguished by their address beginning with “https://” instead of “http://” as well as a padlock appearing in the address bar.

What to do in case of a cyber attack?

Finally, it is important to know what to do in the event of a cyber attack.

According to the General Data Protection Regulation, companies are obliged to notify the Spanish Data Protection Agency (AEPD) of any attack on their security within a maximum period of 72 hours. This notification must inform about the nature of the incident, the consequences it has caused and the protective measures that have been carried out.

In addition, a complaint can be filed with the Telematics Crimes Group of the Civil Guard or through the Technological Investigation Brigade of the National Police.