The changes that information technology has brought to the world as a whole in recent years, and which it continues to bring at an accelerated pace and today, inevitably lead to massive interconnection and interdependence on all levels of human society, the fact unimaginable not more than half a century in the past. Of course, the benefits of the penetration of new technologies in almost all aspects of life, and even more so in almost all areas of the economy, are indisputable. Innovations in the field increasingly drive the development of industries and other economic activities at a pace of technological progress that has never been known in history before.

Advantages such as the unprecedented improvement of the quality of life, the easy obtaining of information from almost all fields, the efficient organization of work, the planning assisted by technology, the considerable reduction of time for the design of various civil and industrial objectives, the reduction of the difficulty of work for a large part of the employees, on the one hand, and the financial efforts of companies, on the other hand, the massive boost of research and development activities both in science and in practical fields, the automation of the processes of various devices and even the diversification of industrial robots were possible thanks to the information explosion from the field of IT&C.

But, all these advantages also know the other side of the coin. The price of the huge indisputable benefits brought by the new IT technologies is the proportionate increase in the risk to which both individuals and, especially, companies are exposed, which today widely use IT systems, applications and programs on which economic activity itself depends. The concept of cyber attack has emerged and developed as a reality that cannot be ignored in recent years precisely in response to the rapid development of the IT sector, and the countermeasures to the dangers raised by this consist in mobilizing, strengthening and perfecting cyber security.

You will learn more about the concept of cyber security in this article.

1. Computer and information security – concepts and needs of companies

Most modern activities, both business and leisure, are carried out with at least one online component related to IT&C technologies. For example, all banking services, online shops, commercial correspondence, data collection, manipulation and exploitation, social networks, etc. they can be the theater of cyber security breaches that can bring attackers into possession of confidential information or data with serious damage to companies and their customers.

Therefore, one of the main roles of cyber security is to ensure the protection of businesses, individuals and technological devices used in various work and life scenarios against breaches and unauthorized third-party access to data collected and stored using the Internet and various computer applications and programs, or even protect these applications or programs from attacks that may affect their operation or the purpose for which they were developed.

The concept of cyber security is identical to that of digital security because it refers to the protection, in addition to that of computer devices, and that of intangible “goods” or values, such as information or digital assets. Examples of such digital assets are: computer files stored on electronic storage media, personal data, sensitive business data, photographs, bank accounts, plans and even money.

Cyber security is, at the same time, also information security because the main purpose of this purpose and policies at the same time within an organization is to keep in a safe state the information that is not public and that should be managed or accessed only by authorized persons and for specific purposes.

The concept of cyber security has, in fact, gained such importance that it is also the subject of a strategy on a national scale, for each individual state. In the case of Romania, the national cyber security strategy defines this phrase as “the state of normality resulting from the application of a set of proactive and reactive measures that ensure the confidentiality, integrity, availability, authenticity and non-repudiation of information in electronic format , of public or private resources and services, from cyberspace.”

Cyber security is based on three big pillars:

• Confidentiality of data and information – which refers to the fact that sensitive data should only be accessed and handled by people who have an appropriate level of authorization.</li li>
• Integrity of data and information – looks at cyber security through the lens of using data that has not been “corrupted” with malicious intent or negligence. The use of real, secure data and information, to which only designated persons had access, is one of the essential steps towards a good level of cyber security.
• Access to information – which should be allowed only in necessary cases and only to authorized users. Also, access to information should be permanently protected against bad faith attempts to access it without permission using computer defense programs.

2. What is cybersecurity and why do we need cybersecurity in organizations?

The cyber security of organizations, whether they are private companies or public institutions, is a set of security methods and actions, behaviors, rules and guidelines that meet a set of criteria to avoid possible breaches and prevention of computer attacks.

Cyber security within organizations is necessary to ensure the operation of economic processes and activities, both those with a strategic role at the national level or in a branch of the economy, as well as those of lesser importance but which can suffer and propagate significant damages if suffers a cyber attack or major security breach.

For example, the cyber security of the control of the production and distribution of electricity or natural gas, of drinking water, of storage systems of strategic and reserve resources is particularly important to prevent the loss of control over facilities, their destruction or damage which can lead, in the alternative, to serious losses in the economy.

In another example, essential data from the range of contracts, trade secrets, plans and projects of industrial, military or public consumption prototypes can be stolen or made public with the consequence of producing financial or legal damages by companies that did not benefit from security cyber or that did not have sufficient measures implemented to prevent cyber attacks.

Awareness of the need for cyber security by all actors involved, from employees to the top management of organizations, is one of the most effective ways to reduce the risk of a breach in this area. It is good to know that the provision also works in the case of ensuring cyber security using less expensive resources and relying in particular on the implementation of good practices in the matter that do not involve, most of the time, the allocation of money or very large efforts.

The precautionary measures that an organization can take to implement or strengthen cyber security start from the creation of a uniform policy and standards, generally applicable guidelines and training sessions for staff in this area, and up to the use of technical solutions of protection and ensuring the security of IT systems.

Apart from these courses of action, organizations also have at their disposal insurance tools that can remedy and cover the damage suffered as a result of cyber attacks, as is the case with a Cyber insurance or can protect IT companies in professional or general liability as the case may be IT insurances applicable to both PFAs and micro-enterprises as well as large-scale companies.

3. Security of computer systems and information within companies

Strengthening cyber security within organizations is the only course of action that can be taken to prevent possible security breaches. Thus, creating a cyber security guide is a way to go for any company or organization that works with sensitive data or wants to protect itself digitally. This guide may contain provisions and modes of action related to network security, information security, computer security of servers, security of digital assets as well as a set of measures and modes of behavior of organization members.

Among these measures and modes of action can be listed:

• Constant updating of the computer programs used

Software installed on IT equipment, from desktop computers, laptops to tablets and smart phones can present various vulnerabilities especially if they are not updated to the latest versions from the manufacturers. Outdated programs are easier to “crack” and even emulate or hack with the most dangerous consequences, from phishing to the penetration of ransomware-type programs that block access to systems by demanding various amounts of money for unlocking.

• Implementing a backup policy

Digital asset backups or backups are a prudent way to approach cyber security. Especially in organizations, at least sensitive and business-critical digital data should be backed up. Where it is the case of operating business websites or, especially, online stores, with important and complex databases, backups made regularly are all the more important. For example, in the case of an online store, security breaches or site hacking or database destruction can mean a real disaster for the business. That is why it is essential that on the servers hosting online stores or even business sites there are methods and programs for constant backups and for quick and simple online recovery and restoration.

It is essential that the backups taken are not kept in the same place (for example on a single server or on computers in the organization). An additional cyber security measure is to save backups to external storage media (such as external HDDs or SSDs) which in turn can be restricted from unauthorized access with passwords.

• Implementing organization website protection

Websites and web applications of organizations that work with sensitive data – as is the case, for example, of online stores that work with customer data (names, email addresses, bank accounts, etc.) must be additionally protected against potential cyber attacks and risks.

One of the basic measures for cyber security in this area is the implementation of SSL certificates that constitute a filter and a barrier against attempts to clone or steal data. In fact, the main search engines have even started a policy of penalizing sites that do not have SSL certificates precisely to boost the growth of cyber security in the online environment.

• Implement a strict password policy

Within the organization there may be many cases where access to some computer data or even to the use of some IT equipment are restricted by the use of passwords. Furthermore, e-mail applications and servers hosting websites and business-specific applications always rely on the existence of one or more passwords.

The most common current mistakes of most users are using simple passwords and using the same passwords for multiple applications. Although passwords are one of the cheapest and easiest ways to provide a basic first level of cyber security, setting complex and different passwords for each domain of use is often overlooked in especially because of convenience. However, with the help of specialized password management and generation programs, this preventive course of action can be easily adopted.

At the same time, access to the sensitive data of a large organization should not be universally allowed to all employees. One of the cybersecurity measures that can be implemented only through simple decisions is to differentiate access to sensitive data by different authorization levels.

So cyber security is starting to be more than just an option that organizations may or may not address. With the unprecedented development of online environments, cyber security is already an obligation of every organization that accesses, handles, stores or collects sensitive data and information. At the same time, awareness of the dangers and risks of limitless online exposure should be a constant concern of every user, and adopting a preventive behavior in this regard could reduce the incidence of cyber risks globally.

Photo source: Pixabay.com