It is difficult to imagine today’s business life without the use of electronic devices and their connection to the Internet. The use of Information and Communication Technologies has become a crucial issue for most business organizational systems.
For companies, the use of this technology is essential: e-mail communication within the company, automation in the cloud, e-business or the possibility of promoting products and services on a large scale through the Internet, among others, are ways to ensure your competitive capacity. As a result, it is said that there is a dependency between companies and technology.
But there is one thing to consider, and that is that, just as the generation of new technologies and applications to make business life more convenient is advancing exponentially, so are the risks and threats to these devices and applications. This creates many difficulties for companies, forcing them to invest in cybersecurity. Security in this environment has become, today more than ever, a matter of survival.
For some years now, cybercrime has been on the rise, and cybercriminals have been improving their techniques, making them more complex, to circumvent even the most impenetrable security structures. This represents a vulnerability to be covered in companies, which are in a race to improve all their systems and devices.
Always keep in mind that investing in cybersecurity is never an expense, investing in this area is always a safe value.
The necessarily rapid adaptation of companies in a constantly changing technological environment must involve a series of guidelines and protocols in technical, organizational, legal, physical and awareness-raising aspects. Preventive measures are the ones that can help the most when facing an attempted attack. The following lines describe the measures to be taken by companies to improve security.
Measures to be taken by the companies for their security
When we talk about organizational issues, a security policy must be defined, through regulations and procedures that establish the guidelines to be followed in the company. Depending on its characteristics, the risks that affect it and the appropriate action plans for it must be found. From there, internal methods must be generated and made available to employees, so that safe technical procedures are followed.
Investing in technical issues, how to carry out access control, is very important. Just as we use a key to enter our home, in the virtual world we also need to have the necessary security measures in place. It is necessary to determine certain issues such as who has access to what, establish permissions on certain information, generate procedures to request extraordinary access to information, etc.
Using the mechanism of least privilege is a tactic whereby each person is assigned the minimum amount of information necessary to perform his or her job, and if more is needed, it must be requested.
Creating backups is absolutely essential. Through cloud storage, or backups outside the organization, prevention against loss of information is achieved.
In addition, it is necessary to have antimalware protection on all corporate computers and devices, which is specialized in a wide variety of attacks. Likewise, to be more secure, both applications and operating systems must be updated and patched. Implementing measures to secure the corporate network and Wi-Fi can help us to make our company more cybersecure.
Finally, investing in the training and awareness of all employees is paramount. In the case of cybersecurity in a company, the weakest links are usually people. For this reason, it is necessary to develop a specific strategy for personnel to take an active part, not only in the execution of the security measures implemented, but also to become a security agent in their daily work.
Safety training must be conducted for employees: both technical staff and other personnel; and teach them safety policies, regulations and procedures in their day-to-day work. In addition, good practices should always be monitored and periodic awareness-raising and sensitization activities should be carried out.
In addition to all this, there is an organizational transformation in most companies, motivated by the consequences of Covid-19 and its direct repercussions on the labor system, where teleworking and relations with other companies or businesses at a distance are taking precedence. Having control in all these matters is necessary to prevent any type of attack.
Benefits of cybersecurity in companies
If these general proposals and others specifically required by the company are carried out, it will be possible to obtain benefits and security guarantees that can be extrapolated to other areas. How can it benefit us?
Productivity
Devices and software play an important role in a company’s productivity, and keeping them safe can give us considerable gains and a real advantage.
There are many ways in which cybersecurity can provide us with secure value. On the one hand, by creating a security structure that organizes data, it helps to make operational processes more efficient and easier to perform.
On the other hand, the possibility of recovering data after an attack is key to not stopping the organization’s performance. On many occasions, this complicated and sometimes impossible task involves expenses in the hiring of specialized personnel and, above all, in overtime.
Likewise, having a contingency plan for incidents in advance will make up for productivity costs. If you can easily recover from cyber-attacks and have the appropriate recovery and response procedures in place, you will reduce downtime.
The fact that we cannot access certain company services has a direct impact on productivity. In cases where an activity cannot be carried out for some time due to a security breach in the company, production losses can be enormous.
In the case of the attack on the SEPE, this agency was unable to provide services for several days, and during all that period, most of the staff had to do their work manually, dedicating approximately 19,000 overtime hours to recover the usual rhythm of operation completely.
Brand image
Betting on cybersecurity in our company is a differential value. If we are able to reinforce cybersecurity on a daily basis and transmit it reliably, we will give a more attractive brand image.
Companies communicate with their customers, suppliers, consultants, etc. through the network, and therefore, having security measures in place allows the parties to interact securely, creating a more trustworthy relationship. It is the customers who make it possible for the amount of work to continue, and therefore, we cannot move forward without their trust.
Having different cutting-edge software, a team of professionals and technological equipment is an added value to any company. Today, you cannot provide a high quality product or service without paying attention to cybersecurity. Now more than ever, customers are demanding that the process of contracting, manufacturing or acquiring a product or service be carried out in the safest and most risk-free way possible.
A data leak, security breach or any other attack can cause potential customers to look to other companies for a service or product. Therefore, it is absolutely necessary to take precautions to prevent this from happening and to build customer loyalty.
There are more and more news in different media about security breaches and other attacks that have damaged the reputation of many companies. The image of vulnerability that is given in these cases has sometimes led to the loss of million-dollar contracts, to customers using other companies to contract services, or to the closure of a plant or the entire organization.
Competitiveness
The incalculable potential of new digital services, changes the experience of customers and suppliers of the company, which increasingly has to rely on data and technological tools in constant transformation.
At this time it is difficult to offer a high quality service without addressing the organization’s cybersecurity. To increase business competitiveness, it is very common to resort to certification to the standards of the International Organization for Standardization (ISO), an independent organization that plans and establishes universal standards.
The ISO 27001 standard specifies the requirements for establishing, implementing, maintaining and improving an Information Privacy Management System, seeking to achieve the objectives of confidentiality, integrity and availability of information.
Obtaining an ISO certificate can help to increase the company’s competitiveness. This process has to be applied and qualified by another company.
Investment in cybersecurity is a differentiating factor for the company, since it generates confidence in customers and suppliers.
Regulatory Compliance
The amount of data in organizations is increasing, and one of the reasons for investing in cybersecurity is the Data Protection laws in many countries.
These regulations make it possible that, if the stipulated regulations are violated, there is a risk of being penalized or having your business activities shut down.
From the Spanish environment, 2 regulations must be taken into account:
The first of these is the General Data Protection Regulation (GDPR), a set of regulations developed by the European Parliament and the Council of the European Union, which has mandatory implementation in EU countries.
From this first, in Spain came Organic Law 3/2018 on Personal Data Protection and guarantee of digital rights, replacing the previous Organic Law 15/1999. These two officially seek to provide a guarantee of digital rights, and all companies in these countries must comply with them. Apart from these two, the Law on Intellectual Property Protection (LPI) protects projects, developments and works derived from business activity.
Agencies have also been created to safeguard the right to data protection, such as the Spanish Data Protection Agency (AEPD), which is responsible for ensuring compliance with the Organic Law on Personal Data Protection in Spain.
One of the most talked about big data leaks from companies is the Uber data theft in 2016. This company paid the $100,000 bounty to the cybercriminals, but did not warn users and drivers until some time later, mostly in the US, UK, Australia and the Philippines.
For failing to report properly, it reached a settlement with U.S. attorneys general, which led to the company paying $148 million for deliberate concealment of massive data theft. Investigations and sanctions were also carried out in the other affected countries. In addition, this agreement requires developing, implementing and maintaining a safety program and submitting safety reports to the authorities.
Peace of mind
We wake up every day to a multitude of news related to cybersecurity attacks. According to the UN there is 1 cyber attack in the world every 3 seconds and the number of malicious emails has increased by 600% in the last year. The direct and most valuable targets of many cybercriminals are private companies and public organizations.
For many companies, especially the larger ones, cybersecurity is among the most prominent concerns and issues. It is an activity that must be inserted in each of the habits and areas of the company.
This is because in the future no one will be safe from being cyberattacked. Sooner or later, all companies and organizations, no matter what size they are, are bound to come under attack. Rethinking the company’s cybersecurity and being able to detect an attempted attack can give us peace of mind that we are less vulnerable.
In organizations, a corporate culture related to cybersecurity has to be in place starting from the top management level and reaching each and every employee in the company. When it comes to cybersecurity, the weakest links are generally the people, and a specific strategy must always be developed to ensure that personnel take an active part in the security measures implemented and become a security agent in their daily work.
Investing in security infrastructures and expert cybersecurity personnel gives us more peace of mind when carrying out each of the procedures and actions necessary to perform the job.
Profitability
An exposure can bring risks to the structure of the devices and applications that make possible the operation of the technological activity of a company. And when this happens, the company has to reconfigure, install new security systems and solve the previous problems, which entails high economic and time costs.
Managing digital resources and services in a transversal way and always progressing in the measures, with the objective of mitigating risks, is one of the best sustained ways to avoid problems in the future, causing losses of great economic value.
The Hiscox Cyber Readiness Report 2020, tells us how the average cost in 2020 for each cyber-attack for all companies in Spain was 66,800 euros. Moreover, in the case of larger companies, the loss is close to half a million euros.
It is not always possible to prevent an attack, as there are many fronts, but the potential for strict security measures to be implemented can result in lower losses. Technologies are developing more and more exponentially, which means that cybercriminals are also opening up new innovative routes to make their attacks more efficient.
Conclusions
As a way of concluding, and tracing in a general way all that has been said, it is clear that, in the technological context in which companies find themselves today, reconsidering investment in cybersecurity is a competitive advantage.
Not only to avoid being attacked, or to reduce the costs involved, but also to have an advantage over other companies and to ensure the trust of suppliers and customers.
Lidia Fernandez