While computer threats are on the rise, favored by telework, dematerialization and the massive use of SaaS and the Cloud, the risks are particularly high Belize WhatsApp Number for large companies and start-ups alike. The latter constitute targets of choice, because they are less well prepare. Less protected and they possess valuable data due to their hyperconnection.
As attacks are constantly increasing and increasingly sophisticated, the risks linked to the loss of income, trust, know-how to the competition or fines are indeed very real. “ It is your responsibility to explain that cybersecurity cannot be relegate to second place. It’s a job in its own right and a subject that needs to be taken care of,” said Tobias Rohrle, solutions engineer at Cloudflare, during his conference entitled ” The 10 Commandments of Cybersecurity for Startups ” during the Tech .Rocks Summit 2021 .
Usernames and passwords are gateways for hackers. You should implement a centralized password policy. “ It must define the duration of the expiration of the password, its complexity. The prohibition to reuse old logins and prohibit the sharing identifiers. Check that your passwords are not on databases that have already been hacked, via the Have I Been Pwned site for example.
The use of an identity provider (idP) is possible, as is multi-factor authentication, avoiding the SMS which is not encrypted, or even the use of a password manager. You can also set up access control in the broad sense (files, applications, networks, document sharing in the Cloud, etc.). Other best practices: do not allow administrator access to workstations and prohibit, or even limit, the use of personal terminals.
Map and React
You need to know your vulnerabilities and attack surfaces, such as obvious angles (public IP addresses) and gray areas. As well as new vectors created by remote working and cloud services. “ You have to put yourself in the attacker’s shoes: what can he see? It will use automated scans. The tools are legion on GitHub: Shodan, Security Trail… » Also use an event management tool (SIEM), which will allow you to detect to alert, while aiming for real time.