Cyber-attacks are increasing and are now used as a weapon of war. Companies are often the victims and need to know how to protect themselves, and legal and compliance measures are part of the minimum security measures.
In the context of technology and digitalisation, but also of the geopolitical conflicts of recent years, threats to cyber security have intensified considerably. In the business environment, the greatest danger is to companies operating in targeted sectors such as the banking system, the government system and the telecommunications system, and to companies that hold a large amount of citizens' data.
In Romania, just at the beginning of October, one of the largest providers of electronic signatures and digital certificates announced that it had been the victim of a cyber attack, and there is talk in the market that ransomware attacks have increased by almost 80% in 2023. That's why during European Cyber Security Month (ECSM) - October - it's important to popularise safeguards against cyber attacks and offer recommendations that can help businesses protect themselves.
While there is no blanket answer to the question "How do we protect our company from cyber-attacks in 2023?", there are minimum security measures that can be taken and we recommend 10 basic steps that every company should consider:
1. Implement cybersecurity policies and procedures. Establish clear procedures that you make known to all employees regarding security standards and policies (examples: network access policies, password use policies, retention and archiving policies).
2. Educate your own employees. Conduct information and awareness sessions on security measures implemented company-wide among employees. Often phishing attacks damage companies because employees fail to recognise them and end up being duped.
3. Confusion about GDPR rules. Most of the time cyber attacks are aimed at stealing personal data. Implement additional measures on protecting personal data. Even if cyber-attacks do occur, the damage is greatly mitigated when personal data is safeguarded.
4. Implement a security incident strategy and action plan. Make sure you have a crisis management strategy: if you are faced with a major attack, have a crisis management plan in place to minimise the impact on your business.
5. Implement a network equipment security policy. Install the latest anti-virus, anti-malware and firewall solutions to protect your company's network and devices. Cyber threats to technology infrastructure range from phishing attempts and ransomware attacks to distributed denial of service (DDoS) exploits and Internet of Things (IoT) botnets.
6. Secure the network you use: Use firewalls, network segmentation and other techniques to limit unauthorized access to company networks and systems.
7. Control access to data and network: Implement strong authentication systems, such as two-factor authentication (2FA), to protect accounts and access to company resources.
8. Regular backups: Make regular backups of databases and keep them in secure and different locations.
9. Constantly monitor the effectiveness of the measures implemented. Make sure that the implemented measures are respected and stay up to date with news so that you can improve these measures.
10. Conduct an audit on the level of security within the company and work with IT experts to strengthen security measures.
(The 10 steps refer mainly to legal and compliance measures and not to technical IT measures, which are beyond our area of expertise).
Cyber attackers are adaptable and always find security loopholes, so this risk can never be ruled out. Even so, it is important to protect your company from the most common cyber attacks, such as phishing, ransomware or malware, by implementing these basic measures.