In today’s digital age, where information is one of the most valuable assets of any organization, cybersecurity has become an unavoidable priority for businesses of all sizes. Recently, a group of cybersecurity experts issued a series of comprehensive recommendations specifically aimed at companies with staff sizes ranging from 1 to 100 employees, although applicable to organizations of any scale.
The first line of defense: Strong and unique passwords
Experts point out that the first barrier against cyber threats begins with something as fundamental as passwords. “Strong passwords are the first line of defense to protect user and administrator accounts,” affirm the experts. It is strongly recommended to use unique and difficult-to-guess passwords for each account.
A suggested technique for creating strong passwords is to think of a long sentence and use the first letter of each word. Additionally, emphasis is placed on the importance of not reusing passwords across different services, such as email and online banking.
Two-step verification: An additional shield against intruders
Beyond strong passwords, experts stress the crucial importance of implementing two-step verification (2SV) for all corporate accounts, especially for administrators and users handling sensitive information.
“If a hacker manages to steal your password, with two-step verification you can prevent them from accessing the account,” explain the specialists. This system requires users to verify their identity using two factors: something they know (like a password) and something they have (like a physical key or a temporary access code).
It is strongly recommended that companies enforce two-step verification for administrator accounts and for users working with confidential data, such as financial records or employee information.
Preparation for the unexpected: Recovery information and security codes
Experts emphasize the importance of being prepared for unforeseen situations. They recommend that administrators add recovery information to their accounts, such as phone numbers and alternate email addresses. This makes it possible to regain access to the account if the password is forgotten.
Furthermore, it is advised to generate and print security codes in advance. These codes are especially useful if a user loses access to their usual two-step verification method, such as in the case of misplacing a mobile phone or security key.
The importance of multiple super administrators
A key recommendation for businesses is to have more than one super administrator account, each managed by a different person. “This way, if one account is lost or its security is compromised, another super administrator can carry out the most important tasks while the main account is being recovered,” explain the experts.
This practice ensures operational continuity and significantly reduces the risk of losing full control over the company’s systems in the event of a security incident.
Security practices for super administrators
Specialists place special emphasis on the importance of super administrators adopting rigorous security habits. It is strongly recommended that these users log out of their accounts when not actively using them.
“Super administrators can manage all aspects of your company’s account and access all corporate and employee data. If you log into a super administrator account to perform administrative tasks and then do not log out, the risk of malicious activities occurring increases,” warn the experts.
It is recommended that super administrators only log in when they need to perform specific tasks and immediately log out afterwards. For daily administrative tasks, it is advised to use accounts with more limited administrator roles.
Keeping software updated: A necessity, not an option
Another crucial aspect highlighted by the experts is the importance of keeping the software used by the company up to date. It is recommended to enable automatic updates for applications and internet browsers for all users.
This practice ensures that systems always have the latest security fixes, thereby reducing vulnerability to new cyber threats.
Advanced protection for email and calendars
Specialists pay special attention to email security, one of the most commonly used tools and often one of the most vulnerable points in business security.
Enhanced message analysis
It is recommended to enable enhanced message analysis before delivery in Gmail. This feature allows for more effective detection of phishing attempts, a malicious practice that seeks to deceive users into revealing sensitive information.
“When Gmail detects that an email may be an attempt at identity theft, it can display a warning or send it directly to the Spam folder,” explain the experts.
Additional filtering for malicious files
In addition to message analysis, it is advisable to activate additional filtering for malicious files and links in Gmail. This extra layer of security increases the likelihood of detecting malicious emails that could go unnoticed with standard filters.
Setting up SPF
Experts emphasize the importance of correctly setting up the Sender Policy Framework (SPF). This method authorizes legitimate email sent by the company’s users, which reduces the likelihood of messages being marked as spam or bouncing back.
“If you do not set up SPF on your domain, your emails may bounce or be marked as spam,” warn the specialists.
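As an added illustration of what "correctly set up" means in practice (this code is not from the experts' recommendations), the following Python check inspects a domain's TXT records for common SPF mistakes. The sample records are constructed, and fetching the TXT records from DNS is assumed to happen elsewhere.

```python
# Added example: lint a domain's TXT records for common SPF mistakes.
# Per RFC 7208, these mechanisms (and the redirect modifier) each cost a DNS lookup.
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}
MAX_LOOKUPS = 10

def lint_spf(txt_records):
    """Return a list of findings; an empty list means no problem was detected."""
    spf = [r.strip() for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["missing: no v=spf1 record published"]
    if len(spf) > 1:
        return ["duplicate: more than one v=spf1 record is a permanent error"]

    findings, lookups, all_qualifier, has_redirect = [], 0, None, False
    for term in spf[0].lower().split()[1:]:
        if term.startswith("redirect="):
            has_redirect = True
            lookups += 1  # counted conservatively, even if an "all" follows
            continue
        # A mechanism without an explicit qualifier defaults to "+" (pass).
        qualifier = term[0] if term[0] in "+-~?" else "+"
        name = term.lstrip("+-~?").split(":")[0].split("/")[0]
        if name == "all":
            all_qualifier = qualifier
            break  # terms after "all" are never evaluated
        if name in LOOKUP_MECHANISMS:
            lookups += 1

    if all_qualifier == "+":
        findings.append("open: +all authorizes every server on the internet")
    elif all_qualifier == "?":
        findings.append("neutral: ?all gives receivers no guidance")
    elif all_qualifier is None and not has_redirect:
        findings.append("unterminated: no 'all' mechanism, result defaults to neutral")
    if lookups > MAX_LOOKUPS:
        findings.append(f"lookups: {lookups} DNS lookups exceeds the limit of {MAX_LOOKUPS}")
    return findings

# Constructed sample records (placeholder domains and addresses, not real data).
SAMPLES = {
    "good": ["google-site-verification=constructed", "v=spf1 include:_spf.google.com ~all"],
    "open": ["v=spf1 include:_spf.google.com +all"],
    "duplicate": ["v=spf1 include:_spf.google.com ~all", "v=spf1 ip4:192.0.2.10 -all"],
    "too_many": ["v=spf1 " + " ".join(f"include:s{i}.example.net" for i in range(11)) + " -all"],
}

if __name__ == "__main__":
    for label, records in SAMPLES.items():
        print(label, "->", lint_spf(records) or "ok")
```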
Calendar protection
Another important point is the protection of corporate calendars. It is recommended to restrict access by people outside the company, limiting external visibility to free/busy information.
Secure management of files and documents
The security of corporate files and documents is also a focus for experts. It is recommended to limit who can view new files created by users, ensuring that initially only the creator can access them until they decide to share them.
Additionally, it is advised to set up warnings for users when they attempt to share a file with individuals outside the company. This measure helps prevent the accidental disclosure of sensitive information.
Special considerations for certain sectors
Experts point out that some companies, regardless of size, may require additional security measures due to the nature of their activities. For example, small investment firms, financial planning firms, or those handling medical information may have special legal, privacy, and security requirements.
In these cases, it is recommended to have specialized IT administrators responsible for implementing and maintaining these specific security measures.
Conclusion: Security as a constant priority
Experts conclude that information security should be a constant priority for all companies, regardless of their size or sector. The recommended measures, from using strong passwords and two-step verification to advanced email protection and secure file management, form a comprehensive set of security practices.
“Do not let security risks tarnish the success of your business,” warn the specialists. “Take the security measures described to better protect your company’s information.”
In a world where cyber threats are constantly evolving, implementing these security practices not only protects the company’s critical information, but also helps build a culture of digital security that benefits the entire organization.
Experts recommend regularly reviewing and updating these security measures, staying up to date with the latest threats and solutions in the field of cybersecurity. Only in this way, they affirm, can companies stay one step ahead of cybercriminals and ensure the protection of their valuable digital assets.