More than thirty years have passed since November 30 was designated as International Information Security Day, a date close to the days of greatest online consumption and the highest number of incidents on the web.
Currently, although cyberattacks do not receive much media attention, they are more common than we would like and they cause more legal problems than we want to admit. Now that most companies concentrate all their sensitive information on local or remotely rented servers, with employees working from home on devices of different characteristics and in the cloud, it's important that you know how to prevent incidents and how to act when one occurs.
Usually, computer security remains in the hands of your company's IT area, but consider that every member of your organization handles information through countless devices, such as their personal cell phones or laptops. That is why involving them in cybersecurity is essential to minimize risks.
Here are some basic recommendations for Information Security:
Use long, complex passwords. Send a reminder to change them at least every six months.
Use two-step authentication on all accounts.
Don't use public internet connections to access your business accounts.
Have a backup of your company’s information: cloud, external server, and local server.
Keep track of updates and install them on time; they usually include patches for bugs that have been located.
Install apps only from official stores.
Watch what you download through your email.
Install and update an antimalware solution on your computers and phones.
Fortunately for those who have implemented a cloud Enterprise Resource Planning (ERP) system such as Odoo in their company, information stored on such a server is more secure than information stored within the company itself, for several reasons: your cloud ERP provider is responsible for storing your information and keeping it safe; they have several physical storage locations; and they reinforce security by limiting access, even for their own staff.
Even though using Odoo is safer than using a local ERP, we know that your information is handled, sent, and modified by humans. That's why at Vauxoo we prepared this short guide to good information security practices that you can implement in your instance to avoid loss of information.
1. Prepare an information security team.
Technical team: usually your IT staff and security members.
Project executive: in charge of the overall view of security priorities.
Incident response coordinator: this person will be responsible for communicating the actions to be taken in the event of a mishap.
Media coordinator: normally the person in charge of marketing or public relations, who will be responsible for making the public aware of the conflict that is being experienced. They will determine the right actions and platforms for this.
External consultant: in case the incident goes beyond your company's capabilities, it's important to hire a third party to support you in resolving the conflict. Remember that at Vauxoo we can provide support and advice when you need it.
Legal consultant: if the incident goes beyond a simple failure and has legal repercussions, listen to what your lawyer has to contribute and make thoughtful decisions. Do not hesitate to request support from third parties.
2. Create a response plan for information incidents.
Introduction of the plan, and goals.
Roles and responsibilities.
A detailed list of possible incidents that will require attention.
Detection, investigation, and particular procedures.
Steps for the eradication of incidents.
Details for post-incident recovery.
Legal inclusion notification plan.
Follow-up of reports, documentation, and information obtained from each incident.
Contact list of team members as well as external parties involved.
Testing of possible scenarios.
Historical review of incidents.
3. Define the right strategy.
By following these recommendations you will be able to keep your information secure. Do you want to keep your company safe?