Cybersecurity is essential to guarantee the survival of any organization in today's highly threatened digital environment. We must focus our efforts on protecting information assets against increasing threats that can compromise their confidentiality, integrity and availability. A good starting point is the adoption of an Information Security Management System based on a standard such as ISO/IEC 27001, which will allow you to establish a roadmap to effectively manage security risks and demonstrate compliance with the highest international standards.

This proposal combines perfectly with the compliance activities imposed by European and Spanish regulations such as the Network and Information Systems Security Law (NIS2), the National Security Scheme (ENS), the Digital Operational Resilience Act (DORA), or the General Data Protection Regulation (GDPR) and the Organic Data Protection Law (LOPD).

As a summary, we list below the main activities that will probably arise when you start the initial analysis process.

Systems security

The organization's operating systems and applications must be kept fully up to date; otherwise, a cybercriminal could exploit an unpatched vulnerability to gain access to the systems and steal information.

Antivirus, EDRs and other antimalware solutions

Endpoints and servers must have appropriate security solutions, such as antivirus and EDR technologies, that help block the main threats that users suffer daily.

Backups

Backups should be made regularly, and hosted in alternative locations. Otherwise, a cyber attack could affect the backups and render them unusable.

Password policy

A robust password policy should be adopted, avoiding the use of easily guessable credentials. Likewise, the use of identity management solutions is recommended to facilitate its administration.

Two-factor authentication

Two-factor authentication (2FA) should be activated whenever possible. This limits the chances of a cybercriminal successfully authenticating with passwords stolen and/or exfiltrated through information leaks.

Supplier Security

Secure procedures for payment of invoices to suppliers must be implemented, validating all of them through a second channel, for example by telephone. The cybersecurity team should be alerted to any hasty changes in bank account numbers, so that they can investigate the suppliers' emails and identify possible identity theft. Likewise, special care must be taken with account changes where the bank branch moves from one country to another. This can be easily verified through the first letters of the IBAN. If you experience a CEO scam, immediately contact a cybersecurity service like Zerolynx to advise you on how to stop the scam and prevent it from happening again.
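The IBAN check mentioned above can be automated in the accounts-payable workflow. The following is an added example, not part of the original page: the function names and finding labels are assumptions, and the sample IBANs in the usage note are the publicly documented example numbers for each country.

```python
import re


def normalize(iban: str) -> str:
    """Strip whitespace and upper-case, so printed and electronic forms compare equal."""
    return re.sub(r"\s+", "", iban).upper()


def iban_is_valid(iban: str) -> bool:
    """Structural check plus the ISO 13616 mod-97 checksum."""
    s = normalize(iban)
    # Two-letter country code, two check digits, 11 to 30 alphanumerics.
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}", s):
        return False
    # Move the first four characters to the end, map A..Z to 10..35.
    rearranged = s[4:] + s[:4]
    digits = "".join(str(int(ch, 36)) for ch in rearranged)
    return int(digits) % 97 == 1


def review_account_change(on_file: str, requested: str) -> list[str]:
    """Return findings for a supplier bank-account change request.

    Any change needs a second-channel callback; a change of IBAN country
    prefix is reported separately so it can be escalated to the security team.
    """
    old, new = normalize(on_file), normalize(requested)
    if old == new:
        return []
    findings = []
    if not iban_is_valid(new):
        findings.append("invalid-iban")
    if old[:2] != new[:2]:
        findings.append(f"country-change:{old[:2]}->{new[:2]}")
    findings.append("second-channel-verification-required")
    return findings
```

For instance, `review_account_change("ES91 2100 0418 4502 0005 1332", "DE89 3704 0044 0532 0130 00")` reports the country change from ES to DE together with the callback requirement.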

Management and control of mobile devices

MDM solutions must be implemented to adequately control the organization's portable devices, such as mobile phones and tablets. Likewise, the installation of non-corporate applications and the use of unofficial app markets should be blocked to reduce the risk of installing infected apps.

Validation of corporate applications

Before installing any new application, it should be reviewed in a test environment to verify that it will not negatively affect the network or the environment's stability. Once the tests are completed, the application must be deployed and maintained following corporate procedures.

Likewise, if you have lost any type of information from any of your computers or devices, try not to use unknown recovery solutions that may be advertised over the Internet. Many of them are adware, fake security tools that will try to steal your data or request money from you in the false hope of recovering your contents. Contact an expert forensic data recovery service like Zerolynx, which has the necessary tools to recover information from a multitude of devices.

Awareness

Malicious emails and SMS must be controlled, carrying out awareness sessions to prevent users from clicking on links to access fraudulent pages, or downloading infected files. They are two of the attack methods most used by cybercrime.

Locks due to inactivity

Corporate computers should be automatically locked and prevented from being unlocked without the use of passwords or other authentication factors, in order to limit the theft of corporate information in the event of loss or theft.

Non-original software

The installation of pirated software should be prevented. These types of applications are generally infected by different types of malware and could open backdoors to cybercrime.

Ransomware

If you find yourself under a cyber attack, such as ransomware that is encrypting your network of computers, try to modify the environments as little as possible, and never delete and reinstall the computers. Even if a large part of your fleet has been encrypted, it is possible to recover certain information from disks and volatile memory. In addition, all systems store logs (data records), which will allow us to investigate what happened. In these catastrophes, always try to isolate the environments to prevent the threat from spreading throughout the network, and call an expert service like Zerolynx to deal with the contingency, help you find the entry route and carry out the necessary forensic studies, advising you, if necessary, on the prosecution of the case.

Do you have an urgent need?

In our online store you can purchase different cybersecurity services that do not require an estimate of scope by our technical team, for example, our Forensic Triage service after an encryption incident with Ransomware.