Your employees: first line of defense against cyber attacks

When it comes to the information contained in your business’ cyber transactions, security cannot be left to chance. It’s no secret that electronic business operations leave a data trail that, if not handled properly, could fall into the hands of thieves and cause damage or losses. One step towards computer security is having your employees be the first line of defense to prevent the risks of not being careful with electronic information on computers or mobile devices, such as cellphones. Educating yourself —and educating others— is essential Your duty as a businessowner is to educate your employees, making them aware that information falls into different categories and all information must be protected, be it public, internal, confidential and/or highly restricted. These categories are present in the electronic activities and transactions you and your employees handle as part of your business—including your clients’ confidential information. Disclosure, destruction or unauthorized use of highly restricted information could have a negative impact on your customers as well as on your company’s reputation. What is highly restricted information? It may be data bound by legal non-disclosure requirements, but it also includes data about you or your clientele, such as:

• Driver’s license
• Birthdate
• Credit card number
• Personal identification number (PIN)
• Email address
• Social Security number
• Passport number

Thieves looking to profit from illegal access to this data are known as cybercriminals. What are some of the most common cyber threats?

• Phishing - Emails with misleading messages seeking to trick people into disclosing their personal information.
• SMishing - It is a security attack that occurs on mobile devices and tricks you into downloading malware, which is a type of software that infiltrates a device without its owner’s consent. This type of attack is capable of damaging an information system.
• Business Email Compromise (BEC) - This is a special type of fraud that focuses on businesses that use electronic transfers to pay suppliers and others. Cybercriminals pretend to be a company executive in order to persuade businesses to make unofficial transfers.

Start with yourself Creating a good cybersecurity protocol requires certain measures that protect your business and your clients against threats, fraud, or third-party accidental access to the business’ information system. Regardless of the size or nature of your business, you must create a computer security plan that must include these three key elements:

• Confidentiality - Prevent information from being disclosed in an unauthorized manner.
• Integrity - Make sure that the information remains unaltered in the event of accidents or malicious attempts.
• Availability - Make sure that access to the systems is guaranteed.

Some protective measures don’t cost a dime and you can implement them immediately, so your employees can put them into practice:

• Establish controlled access to digital equipment.
• Make sure your computer programs are legally purchased.
• Set effective passwords that combine numbers, uppercase and lowercase letters, and special characters. Passwords should have a minimum of 8 characters and should be changed every 60 to 90 days.
• Tell your employees that copying or storing highly restricted or confidential information on portable storage devices such as USB drives is strictly prohibited.
• Have your employees periodically attend compulsory training on cybersecurity issues.

For additional specific security measures, such as buying technology products or storage space for your data, consult an expert; it will be a good investment. In addition, we invite you to click here where we share additional preventive measures to protect your business. This article is for informational purposes only and does not constitute an endorsement or guarantee of accuracy or applicability for any particular purpose. Neither Popular nor any of its affiliates, subsidiaries, or related companies shall be liable for any special, direct, or indirect harm stemming from the information contained in this article. Should you require further information or guidance on the subject of this article, you should always seek the advice of a competent professional of your choice.