Date: 2022-04-19

As part of World Entrepreneurship Day, which is celebrated this Saturday, ESET shared a basic IT security guide for small and medium-sized businesses to protect themselves against cybercrime threats.

“While computers and the Internet offer many benefits to small businesses, these technologies are not without risks. Some of them, such as the physical theft of equipment and natural disasters, can be reduced or controlled with sensible behavior and common sense precautions,” said the head of the ESET Latin America Research Laboratory, Camilo Gutiérrez Amaya.

However, he warned, the risks resulting from cybercrime, such as the theft of personal information that is then sold on the black market, are more difficult to handle. “Even the smallest companies handle personal data of customers or suppliers that may be of interest to a cybercriminal,” said Gutiérrez Amaya. “This implies that, no matter how small a business, it must take a systematic approach to protecting the data entrusted to it.”

Below, one by one, are the six keys shared by ESET, the leading firm in proactive threat detection, to protect SMEs from cybercriminal threats.

1- Analyze assets, risks and resources

Make a list of all computer systems and services used, and be sure to include mobile devices that may be used to access corporate or customer information. Then analyze the risks associated with each element and the resources available to solve IT security problems.

2- Create policies

Let the team know that you take security seriously and that the company is committed to protecting the privacy and security of all data it handles. Also detail the policies you wish to apply. Furthermore, it is essential to define who has access to what data within the organization, for what purpose, and what they are allowed to do with it. It is also relevant to have policies for remote access, the use of personal devices for work (BYOD) and authorized software.

3- Choose controls

Use controls to enforce policies. For example, if you want to enforce a policy to prevent unauthorized access to corporate systems and data, you can choose to control all access to company systems by requiring a username and password, and a second factor of authentication (2FA).

In order to control which programs are allowed to run on company computers, you can choose not to give everyone administrator rights. At the same time, to avoid leaks caused by lost or stolen mobile devices, employees could be required to report these incidents the same day, and the affected device could be locked and its content erased immediately and remotely.

According to ESET, the following security technologies should be used:

– Endpoint Protection to prevent malicious code from being downloaded to devices.

– Encryption to protect data on stolen devices (also suggested in the GDPR regulation).

– 2FA to require more than just a username and password when accessing systems and data.

– VPN Solution for extra protection.

4- Implement controls

When implementing controls, it is necessary to ensure that they work correctly. For example, you should have a policy that prohibits the use of unauthorized software on company systems. One of the controls will then be anti-malware software that looks for malicious code. Not only must it be installed and tested so that it does not interfere with normal business operations, but the procedures that employees should follow in the event that the software detects malware must also be documented.

5- Train employees, managers and vendors

In addition to knowing the firm’s security policies and procedures, the team must understand why they are necessary. The most important and effective measure that a company can implement is to invest in cyber security training and awareness.

For example, when working with employees it is essential to raise awareness about things like phishing emails, make cyber security awareness information part of the onboarding process for new employees, and provide security advice on an intranet page.

6- Keep evaluating, auditing and testing

IT security is a continuous process. In that sense, it is necessary to update security policies and controls based on changes in the firm: relationships with new vendors, new projects, new employees or, on the contrary, employees who leave the company.

In order to detect weak points and be able to address them, consider the option of hiring an external consultant to perform a security audit.

Other recommendations

Faced with the increase in the activity of cybercriminals focused on stealing user data, the Central Bank of the Argentine Republic (BCRA) also provided advice to avoid becoming a victim:

– Do not share personal data (users, keys, passwords, pin, Social Security Key, Token Key, original ID or photocopy, photo, or any type of data), by phone, email, social networks, WhatsApp or text message.

– Use passwords combining uppercase, lowercase and numbers, and have different passwords for applications, accounts, platforms or sites. Activate two-factor authentication on personal accounts for social networks, WhatsApp or the digital platforms that are used.

– Do not enter sensitive data on sites reached through links that arrive by email, as they could be fraudulent. Always make sure you are on the legitimate page before entering login information.

– Keep the browser, the operating system of the equipment and the apps updated. And take a minute before acting, since those who carry out this type of scam appeal to emotions, carelessness and urgency.

For its part, VU Security, a multinational company focused on fraud prevention and identity protection, also shared tips so that users can avoid falling for cyber scams.

– Check that the page is well written and, if promotional messages arrive with links or attachments, preferably do not click on or open them. Look for security signs. All sites have their own security protocols. The first and most common is “https” at the beginning of the website address, which is usually accompanied by a padlock or shield icon.

– Operate through secure connections and avoid public places. It is important to protect the home Wi-Fi network with a strong key and, if possible, not to share it.

– Enable additional authentication factors. There are several banks and online shopping platforms that allow you to enable the option of a second authentication factor. For both buyers and companies or financial institutions, it is essential to increase access security levels.

“From what we can see, the cybercrime wave is not going to stop any time soon, so an ongoing good faith effort must be made to protect data and systems, which are the lifeblood of today’s small businesses,” concluded Gutiérrez Amaya.

