Cybersecurity within businesses

When it comes to security risks and errors, businesses often fall victim to assumptions and oversights. The reality is
that the protection of information and applications is always evolving and, as criminals find new ways to exploit
weaknesses, it's tough to stay one step ahead.
Instead of businesses positioning themselves as "easy targets" by managing data and information loosely, it's best
to have policies and processes to secure networks by creating a culture of security. Here are some suggested
practices to put in place within your business environment:
Patching your servers and PCs with automated security updates is a critical security control, since cybercriminals
look for unpatched vulnerabilities that they can exploit to gain access to systems without the user's knowledge. This is
often the method used to infect users who visit a website with malicious code embedded in an ad. The fix is to use
an automated patching tool or service to ensure that security updates for operating systems and common
applications are applied on a regular basis.
In past years, Microsoft discontinued support for two widely used operating systems: Windows XP for desktop
PCs and Windows 2003 for servers. Microsoft no longer provided updates for Windows XP or 2003, which meant that
new vulnerabilities found by criminals in these operating systems were no longer fixed.
So keep in mind that, even with patching in place, there will not be enough updates to apply, which places
your system at the mercy of potential attackers. It is also highly likely that your network would not pass any
security audit. More recently, one of the largest malware attacks crippled organizations that were still running Windows
XP, a system with an unsupported OS. This is a risk you surely don't want to take.
Upgrade to a currently supported OS like Windows 10 for desktop PCs. Alternatively, evaluate whether your Windows
servers' current function could be better achieved with a cloud solution like Office 365 before upgrading to
the latest version, Windows Server 2019.
Backups of your data are also increasingly facing threats, so be sure your backups are running and secured
offsite. Not only do you need to protect data from hardware failure, loss, or natural disaster, but you also need
to protect it from a cyberattack that could encrypt that data. Your options are then to restore from a good backup or
to pay a very large ransom, a practice that is now escalating into extortion.
Using a business-class backup (not a USB drive, for example) and regularly checking to ensure the backup is
working properly are good ideas. Also be sure that backups are stored offsite in an encrypted format to
minimize the risk of a data breach due to lost or stolen backup media.
Firewalls are critical IT assets that are often forgotten because they are hidden in a computer room or closet.
Even though they continue to work seamlessly, you should regularly evaluate what you have and whether it's up to
standard.
Most firewalls have two components: hardware and software licensing. If you have had a firewall for more than
five years, ask yourself if the hardware is still supported by the manufacturer and if the licensing is current. If not,
you and your network are open to unnecessary risk.
Part of annual IT planning should be understanding the age and licensing requirements of critical network
components like your firewall. If you don't know or are unsure how to manage this, it's worth checking with your firewall
vendor. A lot has changed in the past five years and it might be time to obtain a more capable and current firewall.
There is a growing requirement, from state laws to federal regulations like HIPAA (the privacy rule of the Health
Insurance Portability and Accountability Act), to encrypt emails containing sensitive personally identifiable
information (PII) as well as personal health information (PHI).
A common data breach occurs when an email containing PII is accidentally sent unencrypted or to the wrong party.
An additional risk is being out of compliance with state laws related to securing consumer information.
If you regularly work with PII or PHI, you need to implement an email encryption solution. The best approach is to
have a solution in place which will scan for PII, thereby forcing encryption.
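One way a "scan for PII, then force encryption" rule can work, shown as an added example that is not part of the original text. The function names, the two patterns (US Social Security numbers and payment card numbers) and the sample messages are assumptions constructed for illustration; a real product covers many more kinds of PII and PHI.

```python
import re

# Constructed patterns for two common kinds of PII (assumptions, not a complete list).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pii(text: str) -> list[str]:
    """Return the kinds of PII found in a message subject or body."""
    kinds = []
    if SSN_RE.search(text):
        kinds.append("ssn")
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            kinds.append("payment_card")
            break
    return kinds


def outbound_policy(subject: str, body: str, encrypted: bool) -> str:
    """Decide what a mail gateway does with one outgoing message."""
    kinds = find_pii(subject + "\n" + body)
    if kinds and not encrypted:
        return "force_encrypt:" + ",".join(kinds)
    return "deliver"


# Constructed sample messages (test numbers, not real data).
SAMPLES = [
    ("Lunch", "See you at 12:30, call 555-0100 if late.", False),
    ("Claim form", "Patient SSN is 123-45-6789.", False),
    ("Invoice", "Card on file: 4111 1111 1111 1111", False),
    ("Claim form", "Patient SSN is 123-45-6789.", True),
]

if __name__ == "__main__":
    for subject, body, encrypted in SAMPLES:
        print(subject, "->", outbound_policy(subject, body, encrypted))
```

The Luhn check keeps ordinary long numbers, such as order IDs, from triggering encryption on every message.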
1. Describe the risks of not having “patching in place”, the proposed solutions mentioned, and those you
would put in practice as well.

2. List the backup and recovery methods mentioned in the text.

3. When and how could emails be in jeopardy? Describe.

4. What could be the way to keep personally identifiable information safe?

5. Explain in your own words the data shown in bold letters and the underlined words.
