You wake up, as usual, to get ready for your job. When you want to take a shower, you immediately notice that energy has been shut down in the whole house. After that, you take your mobile phone, turn on the device’s light and look where to walk. But there is a surprise, your mobile phone looked discharged and turned off. You grope to hold on to the bed and look for the nearest window. When the first light in the sky looks over the streets, you notice there are people in pajama out on the streets walking and trying to understand what's going on. You go out, and after asking others, they tell you that basic services are shut down in all the town, including the internet and all types of communications. What’s happening? - you asked desperately.
No, it is not an alien invasion, it is not a zombie attack, and it is not a nuclear war either. It could be something worse, a cyber-war, looks invisible but like gravity, you can feel it everywhere. A few years ago, Russia's president, Vladimir Putin, assured that the next global potential would be defined in who would have the ability to control the networks and have enough skills, knowledge, and resources to win a cyberwar. The world now is hyper-connected. Every single human depends on the network, nobody escapes. During the last years, there has been an escalation between nations to reach the control of networks over enemies and even allies. Every day, nations and corporations are taking seriously this thread, probably more than others like climate change or terrorism. But the question is if this kind of thread could be prevented and talking from the business perspective, the emerging question is if it is something able to avoid or prevent for small-medium businesses.
In some ways, it looks like if the biggest corporations and public organisations are affected, there is no way to escape from a threat like this if you manage a small or medium business. On the other hand, for many startups or businesses, investing time and resources in these types of issues is not worth it. There are two types of thinking, one that believes that a small or medium business would never be a target for hidden organisations sponsored by governments, or another thought is that when the “tiger attacks, the tiger will bit for sure”, so, if there is part of a cyber attack, there will be no way to escape.
Both beliefs could be true in some way, but from a realistic perspective, there is another side to the coin. From one side, small and medium businesses are good targets for individual hackers or smaller criminal groups, but no less dangerous. In the past days, a guy from Romania was arrested in Mexico accused of being ahead of a criminal organisation in the southeast of Mexico to operate credit card cloning and theft of bank data from small businesses and individuals in tourist cities like Cancun. It means that nowadays any type of business are targeted by criminal groups, banks, clients and owner’s data could be stolen easily. And if the business manages a platform to receive payments or operate the business, it is more possible that this platform would become a favourite dish for this type of criminal. So, don’t believe you would never be targeted, every day your business is at risk, this is a war from different levels and dimensions, but unfortunately, we need to accept that we are vulnerable.
The second belief is that when the tiger attacks, there is no room to escape. It could be possible, some attacks are targeted at big companies like Google or Amazon where a lot of data is stored and trusted by other smaller companies. We could be involved in this type of situation; however, it is possible to prevent leaks of data, hacks to business platforms, and theft of bank information or money. What can we do then?
For years, our Bravelab team has been specialising in the creation and development of different kinds of web platforms, from standard ones up to complex ones that require a senior-level team, and lots of hours spent in coordination with different teams and key members. As part of years of experience, we share some essential and useful advice on how to prevent the damage of potential cyber-attacks. We called this a “corporate culture to make our daily life cyber safely”:
(01) Keep software updated.
- Turn on Automatic Updates for your operating system.
- Use web browsers such as Safari, Chrome, or Firefox that receive frequent, automatic security updates.
- Make sure to keep browser plug-ins (Flash, Java, etc.) up-to-date.
(02) Good password management.
- Use password manager applications to keep your passwords safer in one site and allow them to remember different ones for each site.
- For obvious reasons, encourage your work team not to use the same password for all apps and sites, you can use the browser password generator to keep different ones.
- Update passwords periodically, especially for those logins more used in your company, like email access, banking, contracts folders, etc.
(03) Train your team to identify suspicious emails.
- Give some workshops or sessions to train your employees on how to identify suspicious emails. Usually, some tricks help to see clear differences between real brand emails and fake ones.
- If your company has more than 50 employees and your main service is nothing about IT, you can hire security consultants or advisors to give brief conferences to your teams.
(04) Use mobile devices safely and wisely.
- Don't click on links or attachments from unsolicited or unknown emails.
- Only install apps from trusted sources like Apple AppStore or Google Play.
- Avoid downloading files from free resources unless you are 100% of the website. Remember the rule, “nothing is free in this world”.
- Keep the device's operating system up to date.
- Use Apple's Find my iPhone or the Android Device Manager tools to help prevent loss or theft.
(05) Be careful which sites you click on.
- In the same situation with emails, many websites are fake and use known brands to steal data or money. It is also common that many different types of viruses could be leaked when you click those sites.
- Train your employees to identify those websites, and teach them the basic security standards.
- Some companies integrate blocks and apps to block suspicious websites.
(06) Back up your data with cloud solutions.
- Invest in cloud solutions. These services can fit your needs depending on the size of your company and a load of information you require to save. Request at least 3 offers and evaluate pros and cons.
- Research from which countries are coming to those cloud companies and where are they based. Try to hire services from companies based in countries with the highest transparency policies and safest law frameworks.
- Ensure to make backups every day, in some cases where you have sensitive documents or relevant projects, ensure backups every hour or less.
(07) Invest in anti-virus/anti-malware protection.
- No matter the type of company you manage, number of employees, or even the operative system. Nowadays, it is necessary to invest in anti-virus systems.
- Compare prices and benefits of 2 or 3 companies. Request a demo and explore their advantages or cons.
This new decade that has just begun is moving us to create more complex and efficient platforms for new market and business needs. The world is already hyper-connected and new technologies and systems will make us use more advanced platforms where cybersecurity will be a transcendental issue to invest more resources. Making this investment properly could define the future of a successful business.
In Bravelab, our solutions help startups and corporations to develop and maintain sophisticated and helpful platforms that promote a safe environment for our clients safeguarding all investments in good hands
Are you interested in developing a safe platform for your business or corporation? Let’s arrange a call with our executives. We would be glad to find the best solution for you.
Roberto Cruz / Marketing Manager
Read more from our brave's writers
Comparison of the communication channels in remote work
Recently the vast changes have happened in the business world. The pandemic situation in 2020 has forced companies all over the world to build the process of remote work. The biggest risks companies face when working remotely are influence on employees’ effectiveness, engagement, and attitude, as well as the process of communication and knowledge sharing. Although it was very challenging in the beginning, now most of the companies looked at remote work from a different perspective. Not only people manage to work on a remote basis – they know how to do it effectively and beneficial. One of the most important decisions to make is to decide on communication channels. The article presents a brief overview of the main business communication platforms.
Automate repetitive tasks to improve your business performance
As it was presented in the previous article, people and organizations benefit from repetition because of its importance in learning. But there is also a negative kind of repetition, hurting individuals and organizations. You can deal with dull repetitive tasks by reorganizing them. Nowadays, digital work and processes are ubiquitous for many of us, therefore, automation of digital tasks is also a powerful tool. There are services, like Zapier, which provide you a way to create automation workflows and integrate various computer tools, with no programming required.
Performing SAML SSO using JWT in Django
When the Django application needs to be separated into front-end and back-end, and you want to authenticate your calls to your other platforms/services, the stateless JWT in pair with Django Rest Framework is a good choice. But what if you want to integrate single sign-on/single log-out with the other applications which are using SAML? Moreover, your application may be Service Provider and Identity Provider at the same time.