70% of cyber attacks target an SME, with an average cost of €35,000, according to data from the study ‘Current panorama of cybersecurity in Spain: challenges and opportunities for the public and private sector’ by Google. These attacks result in 6 out of 10 businesses having to close, and those that survive do so with serious reputational damage.
Thus, acens Part of Telefónica Tech remember some protection tips for SMEs and measures to guarantee service continuity and information recovery in the event of disasters.
The importance of AI
The development of AI will bring important efficiencies in business, but for many it can pose a cybersecurity risk. “The rapid evolution of AI has radically transformed the way we interact with technology. However, this technological revolution is not without risks, such as adversarial attacks on AI models and the collection and processing of large data sets to train AI models, in which to guarantee solid data privacy and security practices. Data is essential to mitigate these dangers. On the horizon of cyber threats, deepfake technology presents itself as a potentially devastating weapon”explains Manuel Prada, Head of IT Security at acens.
Companies continue to face strong pressure due to increased cybersecurity risks, but in the case of SMEs This pressure is greater if we take into account that many do not have a CIO or security officer nor do they implement basic security protocols. There are multiple problems and factors that contribute to increasing current risks in computer and cloud security, but according to the acens IT team, although zero risk does not exist, there are two factors that can help SMEs minimize the risks associated with a cyber attack:
- The human factor, since eight out of 10 security breaches occur due to human error.
- Have a secure cloud provider.
To minimize the risks, acens advises, first of all, training and explanations to staff “especially regarding email and precautionary measures in its use. In this sense, it is advisable to carry out simulation phishing campaigns for employees so that they are alert and able to recognize a cyber attack in advance,” Prada points out.
lauthentication security It is another of the keys for acens; Therefore, beyond a double authentication system for user access, the technology company recommends taking care of generating secure passwords with more than eight characters that include letters, numbers and signs for user access to corporate applications. “The cause of most unauthorized server intrusions remains the choice of a weak password.recalls Manuel Prada, IT manager at acens.
Among the protection measures that an SME can take, acens also highlights the convenience of carrying out analysis of security system vulnerabilities or pentesting. “The hosted data or resources associated with a service must be protected by different layers of logical security, and in all of them the appropriate adjustments must be made to avoid unauthorized access and, to this end, it is advisable to have a vulnerability analysis of the service. security system. In our case we reinforce the physical security of our CPD with 12 layers of security”explains Manuel Prada.
Prada also explains how “In addition to implementing local security measures, the SME has important support from its cloud provider. Hiring cloud services is easy and reliable, which is why it is important that the SME selects a secure cloud provider, which should be required to meet specific security criteria such as: What guarantees of confidentiality and data protection does it offer me? What type of physical security measures do you implement in Data Centers? Access control, 24×7 surveillance, CCTV, biometric access to ensure that only authorized personnel access… What guarantees does it offer regarding availability, access to data, the system’s ability to support data and recover from incidents? Uninterruptible power supply systems, air conditioning, fire detection and extinction, fault-tolerant systems, generating set, etc.”
Finally, perform continuous software updates, as well as regular backups, especially of critical data, is another of the recommendations that acens remembers. “A very common mistake is installing web applications and not keeping track of security updates. In the current context, both companies and service providers must have cybersecurity solutions and resilience plans. But in addition to protecting the data, it is critical to be prepared to mitigate possible damage in the event of data loss and for this it is convenient to have an automatic and reliable backup of information in the cloud, which enables a quick contingency plan in case of failure of the company serversconcludes Prada.
