The Covid 19 situation accelerated the online presence of companies. In a pandemic, scenario companies had to adapt to survive and the main adaptation was to increase online presence, mainly through e-commerce, since in most businesses the physical store was not an option.
The result is that more data (public and private) is now available in the cloud. As the number of data increases, so does the responsibility to protect it, so businesses must review their cybersecurity policies to ensure that the processes and technology they implement are effective.
The success of a business depends on knowing the needs of its customers now and in the future. By being able to profile its customers, a company can offer a personalized service, improving the customer experience, which translates into more sales and loyal customers. In addition to cross-referencing different information to create the customer profile, the difficulty increases when different types of data are located on different platforms and server locations. You should know the exact location of each type of data to protect it properly.
1- Account: personal and transactional data, such as name and address.
2- Location: physical location (cell phone location) and viral location (IP address).
3- Browsing: browsing habits (what? when? where?)
4- Profile: third-party data, such as demographics and social media.
Anticipating is better than reacting, so there should be a specific budget for cybersecurity measures.
The budget should contemplate prioritization of threats, estimate their cost to the organization and identify the protections against the threats.
This budget should remain intact and robust, since preventive measures are much more cost-effective than the costs that a cybersecurity attack could cause.
The movement of data from one location to another, such as from server to mobile is exposed to various security threats.
By encrypting the data, we give it extra protection during its circulation, which can only be unlocked on the terminal with the decryption key.
Encrypting means carefully walking the line and between privacy and ease of use.
Usually, when we think about threats and security data, we only consider the risks after the data is collected. However, self-scanners and self-point of sale (POS) systems increase the risk of a surface attack. Although POS malware attacks are decreasing, they have still considered a risk that organizations must protect themselves against.
In addition to directly scanning POS systems and using anti-malware on all terminals they should also employ network segmentation to limit any damage from a surface attack breach. If there is an attack on the POS system, it will be contained in a very small part of the network that does not intersect with sensitive data. Through cloud firewalls organizations gain more protection and control over their segmentation. Other protections for kiosks and POS systems include installing all patches immediately and changing default passwords.
Most security incidents are the result of employee negligence.
An organization's IT team should be responsible to raise awareness and training employees on how to protect themselves from cyber threats. Starting by explaining how an employee can check the veracity of an email (one of the main ways malware spreads).
By including cybersecurity best practices in your organization, you can improve employee training and reduce the risk of cyberattacks.
Make sure every device (desktop, mobile...) has a newer version of malware protection.
Limit the use of devices external to your organization in your space, so you can maintain control.
By making their data available, customers are putting their trust in a particular organization. It is up to organizations to protect their data and improve their experience based on the information provided. Remember that cybersecurity is a must for an organization from the moment it has an online presence.