Digital transformation brings many opportunities for companies, but it can also be a new source of threats. Over the course of 2020 and 2021, cyberattacks increased in both number and impact, and 2022 is expected to bring a record wave of cyberattacks.
With this scenario in mind, in this article we offer five tips that you should take into account to enhance your cybersecurity in 2022. Let’s get down to details.
Be aware of regulatory updates
Cybersecurity is constantly evolving and this is reflected in the legislative changes in the sector. In this context, it is essential that your company is aware of such changes in order to be able to act in compliance with the law.
One of the changes proposed for this year is the European initiative on digital operational resilience for the EU financial sector (DORA, the Digital Operational Resilience Act), which is included in the list of priority proposals for approval in 2022 and will regulate cybersecurity in organizations deemed to be financial institutions.
At the European level, we will also have to keep an eye on the NIS II Directive (Network and Information Security Directive) and the proposal for a Directive on the resilience of critical entities, which will update the competencies and obligations in terms of cybersecurity among member states.
Failure to comply with the applicable cybersecurity legislation not only affects your organization’s own security, it can also expose it to lawsuits or fines either from the administration or from customers who may be affected by such non-compliance.
Pay special attention to the security of mobile devices
The growth of web traffic via mobile devices has been a constant for years, but this has now been joined by the boom in teleworking brought on by the COVID-19 pandemic.
Nowadays, it is very common for workers to access important company servers and files using mobile devices that are not monitored from a security point of view, which poses a significant risk. To prevent the occurrence of problems in this regard, it is important to incorporate specific security practices for mobile devices in your cybersecurity strategy.
These could include installing anti-virus software, controlling who has access to these devices, providing secure company cell phones and encouraging good digital hygiene among employees. This last point is fundamental.
Train all workers in cybersecurity matters
The human factor is both the weakest link and the best opportunity to improve cybersecurity. As we said earlier, with remote working on the rise, it is important that workers have a solid foundation to avoid becoming the gateway for cyberattacks.
There is no point in having technological solutions and security measures in place if workers are not able to identify potential threats. Email, a day-to-day tool for every worker, can be a source of numerous problems such as malicious links or files that are just a click away from the worker. Good staff awareness is essential in order to head off many of the threats.
In addition to this awareness, it’s necessary to have cybersecurity specialists who are aware of the latest threats and know how to deal with them.
The key to success is this combination of factors: technology, experts and awareness. Technological tools enable scalable and automatic prevention, cybersecurity experts monitor their operation and go where software does not, and workers will have a foundation for not falling victim to attacks, thereby reducing the number of threats.
Review your supply chain security
2021 set several precedents for major cyberattacks caused by security failings in supply chains. Therefore, it is important to strengthen the control and security of your supply chain.
Best practices include the review and control of profiles with various levels of privileges. In fact, many of the attacks could be avoided by not giving access to sensitive information to users who do not really need it. Therefore, controlling profiles to give the minimum necessary privileges both inside and outside the organization is essential.
Applying the Zero Trust principle is also a good idea. This security model is based on strict identity verification: it never takes a user's identity for granted. Thus, anyone wishing to access the information must first go through an authentication and authorization process.
Protect yourself against ransomware
Ransomware, in which information is seized and a ransom is demanded, is one of the main threats for companies in 2022. According to the 2021 State of Ransomware report, 37% of the companies that participated in the study were victims of this practice.
The impact of these cyberattacks can be very significant. All it takes is for a person to open a malicious document received in the mail to execute the code that will hijack and encrypt the information on the computer.
Therefore, as we have already mentioned above, staff education is essential so that they can detect, or at least be suspicious of, certain emails when they receive them. In addition, you should have means of protection such as antivirus or endpoint software, network traffic checking tools, etc. It is also important to keep software versions up to date and regularly check for possible software vulnerabilities.
We help you protect the security of your company
Don’t wait for an attack to improve your organization’s cybersecurity. Loss of data, loss of trust, high fines or lawsuits with customers/suppliers… the risk is simply too high.
If you need help with your cybersecurity, whether for regulatory compliance, protection against cyberattacks, vulnerability scanning, etc., Centum can help you. You do not need to allocate your organization's time and resources to this: we can adapt to your needs and the assets to be protected and create a tailor-made cybersecurity strategy for your company. If you need more information, please do not hesitate to contact us.