15 Mar 06 Tips to Keep Your Business Safe on the Internet
Companies of the most varied sizes and segments have increasingly used the internet as a strategic resource for their business. The massive use of technology, coupled with the availability of connectivity offered by the Internet, means that many companies, especially the smaller ones, use the resource to add value to their products and services.
The large ones, on the other hand, that already have very clear strategies on the use of the Internet for the business; need more and more security for constant protection of data and applications, since they have greater criticality of operation, besides being more attractive targets for virtual attacks.
The main point is that the internet is present in a large part of the business; for some the operation is dependent on the internet, for others the network is responsible for streamlining administrative processes, logistics, relationships with customers and suppliers, among others.
Large companies and governments have been commercial Internet users since its inception, and because of the criticality of the business and maturity over the years, they understand security as a strategic item. Because of this, they have generous budgets and highly specialized human resources, minimizing risks and ensuring that services and products are adequately offered over the internet.
On the other hand, Brazil comprises mostly small and medium-sized companies, which use the internet in a growing manner, but do not have the same maturity, nor the budget, of the aforementioned ones. Thus, we decided to create this article to address some basic, and extremely fundamental, elements to keep your company safe on the internet.
1. Use original software
For various reasons companies, especially the smaller ones have restrictions to purchase certain software used daily by their employees. Whether it is a cultural issue or a lack of knowledge on the subject, the reasons may be varied, but the concrete is that many companies make use, intentionally or not, of pirated software.
From a security perspective, it is an extremely high risk. Although it does not mean that the environment is compromised, it is common for people to intentionally make pirated software available with malicious code that could compromise corporate network equipment or receive information from it.
Because of security, and for other reasons, seek to keep the software structure in your company fully legalized, and updated, minimizing security incidents.
2. Keep anti-virus always up-to-date
Regardless of whether you have a firewall in your company or some security device, it is critical that each device has an anti-virus or similar software to complement the layers of security, in order to protect your environment.
There are several free anti-viruses, with relatively interesting levels of efficiency. Therefore, even if you do not have a budget for buying paid software, look for at least one free solution. Never leave your computers without an anti-virus properly updated.
The anti-virus can be seen as strategic because it does not only act on applications that use the internet. They can check the incidence of viruses on a pen drive, which would not be possible to be viewed on a corporate firewall, which is usually on the perimeter of networks.
3. Have a good UTM firewall solution
A firewall, in a simplistic way, is a hardware or software made to narrow the traffic between the internet and computers on an internal network. Because of this, this feature can define what may or may not be accepted.
For example, with a firewall you allow or restrict users’ access to certain services or websites at specific times, as well as allowing services to have a higher priority over Internet use than others, and many other possibilities.
In addition to protecting and enabling deployment of security guidelines, firewalls generally provide high visibility into the network through reports and charts, allowing the company to have more control over the use of the Internet, making it more productive.
Imagine a particular industry that eventually is not producing much, nor hitting goals. The common point is to get more people to check if the goals are met, but usually this does not happen. It is then discovered that each employee in that sector has an average daily distraction of 1 or 2 hours on the internet, with personal or non-work related activities.
Even for those who argue that idleness is healthy, and in some cases can increase productivity, it is of great importance to monitor employees’ access to identify possible abuses. Do you want to know how much your business can lose from misusing the internet? Access our productivity calculator.
4. Use an excellent anti-spam
Communication through e-mail increases every day. Many deals are made or confirmed through e-mails and, therefore, this means of communication ends up being the target of some types of attacks that can generate representative damages to the businesses.
In addition to phishingand other problems associated with e-mail, the high volume of unsolicited messages received on a daily basis can be a major obstacle to productivity. The process of analyzing legitimate e-mails takes valuable time from collaborators and can generate impulsive actions of mass e-mail removal, causing the loss of content relevant to the business.
There are a number of corporate anti-spam solutions that directly protect the domain, delivering to users only those messages that are not marked as spam. This offers much more agility and reliability for using the service.
5. Controlling is much better than blocking
Blocking the use of the Internet may seem like an interesting solution to productivity, however this may induce employees to use some alternatives to circumvent the controls established by the company.
A very interesting recipe is to control and really know what is being accessed, as well as create an agreement so that certain websites and contents can be accessed in certain periods, aiming a day-to-day decompression.
It is clear that certain content, especially illicit, adult and other ones can or should be banned altogether, but others, especially the ones related to social networks, entertainment, news and so, can boost productivity if well dosed.
6. Build an information security policy
An information security policy may seem intangible to small businesses, or even larger businesses with little governance. The policy should address its basic needs and define how the Internet and computing resources should be used to preserve the confidentiality, integrity, and availability of information.
Therefore, for a business with less complexity, few guidelines may be sufficient to support the technologies used to reduce Internet threats, productivity, and so on. In general terms, you must make clear the purpose of using the computer resources and the internet, punctuating the rights and duties of each employee.
For businesses with more complexity, in many cases it is interesting to hire a specialized consultancy to properly assess the environment and purpose with the policy, creating necessary alignment of both the guideline and the infrastructure needed to support it.
Just as important as a security policy is the regularity of audit. If you cannot rely on an external auditor, do it yourself and certify the compliance of the operation with the policy. Evolve with the learnings and make constant revisions to improve it.
If you have a company and the number of employees and computers is bringing some questions or problems of security, productivity and availability, contact us and talk to a specialist; we will be happy to assist you!