Computer security in SMEs (small and medium -sized company)
Computer security in SMEs is increasingly important because our devices and mobiles are exposed to the Internet, where we can find different attacks on our equipment, because we increasing , email, electronic commerce, social networks, instant messaging systems, etc.
To have a security policy, it is necessary: identify what we must protect (hardware, software, the sensitive data of the company, internal and external business services that can communicate with the outside world (suppliers, customers, trade sites electronic) or interior; you also have to discover communication networks, that is, discover the interactions and services that communicate with the outside.
The human factor is the one that must worry about the protection of data, equipment and computer security threats that are more present every day and new and different attacks arise.
Although we could also think that the trap of the same protection producers against these threats are the same as they create them, so that the business is not finished.
SMEs and self-employed before some threat must denounce, because it is a crime.
The origin of these problems lies mainly that companies need to connect with the outside and mobilization. Using devices that may present important safety risks, allow their users to access your company information at any time, for example, commercial, financial data, etc.
All equipment must be supervised, since they are not permanently connected to the company’s internal network, they can connect in places where network infrastructure are heterogeneous and more or less safe. Even taking precautions during exchanges with the company’s site, there may be someone infected with a virus, a Trojan or other malicious program that will endanger all the security measures established internally.
For a hacker, it is increasingly easy to attack a mobile terminal with applications and sensitive data than a complex, totally safe infrastructure.
In short, the main security threats related to equipment or devices: loss or robbery, unauthorized access, malicious programs, spam, electronic listening, etc.
According to the author of the book "Computer security in SME, current situation and best practices", by Jean-François Carpentier, in the field of computer security, there are three families of vulnerabilities: related to physical areas (lack of redundancy and of resources at the equipment level, access to non -safe computer rooms, absence or bad data protection strategy); related to organizational areas (lack of human resources and qualified personnel, communications, periodic controls, procedures documents adapted to the company, means related to risks and functional complexity); and vulnerabilities related to technological areas (multiple failures in web services and applications and databases, lack of updates and patches of operating systems, lack of sufficient control over malicious programs, recurrence of failures and lack of supervision of incidents of incidents , complex, unprotected, poorly organized networks, without redundancy, and misuse of mail.
In SMEs the proliferation of personal mobile terminals accessing their networks generates new risks that are currently on the solutions that should be applied, because the associated risks are complex and changing.
Each user must know the minimum prudence rules (password management, support procedures, physical protection of the hardware) and also be informed of the procedures that must be followed in case of incidents.
Those responsible for a company, to guarantee the protection of the information system with respect to its internal staff, may present a document that will agree on principles of the correct use of computer tools. This implies that staff must read and understand the recommendations about computer security. This document must clearly and transparently the modalities and limits of using the computer means that the company makes available to the personnel, as well as the controls that may be implemented. The following topics can be addressed:
- The access and use of computer resources and Internet services.
- The rules of use of available resources and security.
- The confidentiality standards imposed by the company.
Other computer security measures can be: passwords (usually change them and be effective); Verification in two steps, you have to be careful with public Wi -Fi networks, configure the safety of your router, updated operating system, review privacy in social networks, online purchases on safe platforms, etc.
To avoid the threats on the Internet, that is, increase our degree of digital confidence, with a safe navigation on the network, there are free computer security tools: AVG Antivirus, Bitdefender Free Edition Antivirus, Avast Free Antivirus, Lastpass Password Manager, Norton identity safe, spybot, zone alarm free firewall, etc.
There are also applications for computer security mobiles, such as: QR Scaner, Applock, F-Secure, Prey Antirobos, Avast Antivirus, My Backup, finger network, etc.
In conclusion, all SMEs have the responsibility to protect their information in the development of their activity.
References
- https: // books.Google.It is/Books?hl = es & lr = & id = lke5_6gzbmgc & oi = FND & pg = pa15 & dq = the+security+inform%c3%a1tica+in+the+smes & Ots = 51u1lbs38h & sig = asjq1ri0sfwyt3z0Ofplsivtzzz4#v = onepage & q & f =
- https: // HelpleyprotecciDatos.ES/2019/01/11/GUIDE-SEGURITY-INFORMATIC-PYMES-AUTONOMOS/
Leave feedback