• Skip to primary navigation
  • Skip to main content
S2 Grupo

Spanish Company Specialized in Cybersecurity

  • Company
    • About Us
    • Governing Bodies
    • CSR
    • Awards and Acknowledgments
  • Specialization
    • OT Industry
    • IT
    • OT Health
  • Solutions
  • R&D+I
  • Talent
  • News & Publications
  • Contact
  • facebook
  • twitter
  • instagram
  • linkedin
|
en arrow down
  • es
© 2023 S2 Grupo
Corporate

The 10 most common cybersecurity errors in SMEs

24 Oct 2017
  • The company S2 Grupo has pointed out that the risks of not adequately protecting a business, regardless of its size, can be really high because at present the largest number of processes are connected to the network.
  • The consequences of a cyberattack to an SME can result from a loss of reputation, market positioning or theft of relevant data to putting in check the continuity of the business.
  • The lack of awareness of the real cyber-hazards that can stalk the SME and of adequate protection procedures are some of the most common mistakes that place them in a position of vulnerability to cybercriminals.

Valencia, october 10, 2017.- Although it is true that there is an increasing social and business awareness about the importance of cybersecurity and of adequately protecting all the processes of a business (it is already practically possible to remotely access 90% of them via Internet connection), the company S2 Grupo warns that this is still a pending task in SMEs. "In recent years, much progress has been made in the area of ​​cybersecurity, but small and medium-sized enterprises, and above all those that have just been created, continue to neglect certain aspects that could seriously jeopardize the continuity of their businesses. There is a real lack of perspective on the dangers that can threaten them and the consequences they could have", said José Rosell, associate-director of S2 Grupo. “Cuando una empresa no está adecuadamente ciberprotegida, es como si dejara la puerta de su negocio abierta toda la noche y se fueran tranquilamente a casa, permitiendo que cualquiera campara a sus anchas por él. Esto, que puede parecernos una barbaridad porque podrían desvalijarlo, es lo mismo que puede suceder si no se contempla la ciberseguridad desde el mismo momento de creación de la empresa por pequeña que sea”, ha continuado Rosell. "When a company is not adequately cyber-protected, it is as if they left the door of their business open all night and calmly went home, allowing anyone to go around freely about it. This, which may seem an outrage because they could ransack it, is the same thing that can happen if cybersecurity is not contemplated from the very moment the company is set up, however small", continued Rosell. The consequence of a cyber-attack on these businesses may be from the termination of business, loss of reputation, loss of relevant data, of weight in the market, etc. With the aim of paying attention to the cyber risks that could haunt these companies, so that they can be adequately protected, the team of experts of S2 Grupo has pointed out that the 10 most common cybersecurity errors in SMEs are the following:

  1. It is sufficient to install an antivirus or a firewall.- Evidently, few businesses regardless of how small they are lack an antivirus and, certainly, a firewall. However, this can give a false sense of security and be totally revealing technical processes that need specific protection.
  2. Believing that the information of your business is of no interest to anyone. - Any information contained in the systems regardless of who they belong to, are of great interest to cybercriminals because the data they obtain (email addresses, photographs, telephone numbers, etc.). ) have a high value in cyberspace. In addition, there is the error of underestimating the information that may be of interest to any possible competitor (accounting balances, prices, projects, etc.).
  3. Considering that computer engineers are the only ones responsible for cybersecurity.- It is very important to be aware of the fact that cybersecurity is an issue that all members of staff should be held accountable for. Correct action processes, proper management of incidents or the way legal requirements are addressed can avoid threats of social engineering or phishing, for example.
  4. Considering that cybersecurity does not require maintenance. - It is often believed that security comes from a product that is installed and that is all. This is one of the main mistakes. Cybersecurity is a process and, as such, requires daily maintenance carried out that will vary according to the needs of each department (updating of their knowledge, maintenance of systems, adaptation to new legal processes, etc.).
  5. Do not sign confidentiality agreements.- There are SMEs that consider that this is part of the big multinationals and it is a mistake. Confidentiality is also essential in this sector and must be guaranteed to anyone who has access to company information (employees, suppliers, customers, etc.) in order to protect it properly.
  6. Non-compliance with the LOPD.- Many SMEs are ignorant of their obligations in relation to this law. In order to guarantee the personal security of customers, employees, suppliers, etc., and to avoid penalties, it is essential to comply adequately with the LOPD.
  7. Lack of security in contracts.- In most cases the order form itself becomes the contract for the start of the service. This means that the document does not take into account services or clauses of confidentiality or that legal requirements such as the Organic Law of Data Protection (LOPD) are contemplated to safeguard the information that we are providing the supplier.
  8. Lack of network and systems security.- The security of servers and networks is key to protecting business information because they can create many vulnerabilities that allow cybercriminals to roam through the bowels of the business (databases of internal use accessible from the Internet, WiFi that allows access to the corporate network and is accessible from the street, systems not updated, maintenance of passwords of origin of the servers, etc.)
  9. Thinking that a threat to the company would always come from a "third party". Evidently, a cyber-attack on an organization can occur through external agents, but it must also be taken into account that a malpractice of the owners themselves or of employees can endanger the company. Opening a link from an email of unknown origin, inserting an infected USB into the computer, etc., are very common avenues of infection and can be set in motion due to negligence in the process.
  10. Offering services through the Internet and forgetting cybersecurity.- Online businesses proliferate every year and, because of their exposure to the Internet, are a perfect target for cybercriminals. Among the most frequent mistakes made by those who start, it is worth mentioning the non-compliance of the LOPD, the availability of forms that are vulnerable to attacks, misconfigured servers, etc.

More information: prensa@s2grupo.es  

  • fb
  • tw
  • in
Related Articles
Show all →
Corporate
Eight cyber risks associated with the use of wearables
Read more →
Corporate
The Fallera Mayor Infantil of Valencia her Court of Honor will inaugurate the first cybersecure Falla on Saturday
Read more →
Corporate
Investment in R&D, key to increasing the competitiveness of cybersecurity SMEs
Read more →

Follow us in our newsletter

Subscribe through your email to stay up to date

S2 Grupo
© 2023 S2 Grupo
  • Press Center
  • Legal Disclaimer
  • Privacy Policy
  • Cookie policy
S2 Grupo utiliza cookies propias y de terceros para permitir tu navegación, fines analíticos y para mostrarte publicidad personalizada en base a un perfil elaborado a partir de tus hábitos de navegación (por ejemplo, páginas visitadas). Clica aquí para acceder a nuestra Política de Cookies. Puedes aceptar todas las cookies pulsando el botón “ACEPTAR” o configurar o rechazar su uso pulsando el Botón “CONFIGURAR”
ConfigurarAceptar cookies
Manage consent

Resumen de Privacidad

Este sitio web utiliza cookies para mejorar su experiencia mientras navega por el sitio web. De estas, las cookies que se clasifican como necesarias se almacenan en su navegador, ya que son esenciales para el funcionamiento de las funcionalidades básicas del sitio web. También utilizamos cookies de terceros que nos ayudan a analizar y comprender cómo utiliza este sitio web. Estas cookies se almacenarán en su navegador solo con su consentimiento. También tiene la opción de optar por no recibir estas cookies. Pero la exclusión voluntaria de algunas de estas cookies puede afectar su experiencia de navegación.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
CookieDurationDescription
pll_language1 yearThe pll _language cookie is used by Polylang to remember the language selected by the user when returning to the website, and also to get the language information when not available in another way.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Necessary
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
_GRECAPTCHA6 monthsThis cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-analytics1 yearSet by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional1 yearThe cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necesaria1 yearSet by the GDPR Cookie Consent plugin to store the user consent for cookies in the category "Necessary".
CookieLawInfoConsent1 yearRecords the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
SAVE & ACCEPT
Powered by CookieYes Logo