Cyber attacks have multiplied in this period. The reason is simple: there are many more inexperienced users forced to use IT tools, but without knowing the risks of lack of attention to security issues. Sessions left open on platforms linked to payment instruments, personal data and regulatory procedures. Trivial and repeated passwords for multiple accounts of different services. Mixing corporate and personal devices and accounts. These are just some of the examples of unfair practices most common that are exploited by cybercriminals.
For this reason, the National Council of Engineers, through its main organ in the Information Engineering sector, has seen fit to disseminate some general recommendations, but which are sufficient to achieve a minimum level of protection against the most classic cyber attacks.
The first rule is to equip yourself with an indispensable protection tool such as a antivirus, but having it installed on your computer is not enough. You need to update it constantly, checking that the definitions for new viruses are correctly added to the protection. Secondly, it is of the utmost importance to keep a copy backup of your most important data. If in doubt, it would be advisable to make a complete copy of all your files on a separate and external device to the device you use for work.
A separate discussion deserves the File sharing. In this period there are many users who give in to the temptation to download movies, music, software and more from public file sharing channels. Not all of these platforms are legal and not all of them are safe. Unrecognized ones should be absolutely avoided, also because they are not very reliable.
Le Password they must be robust. It is necessary to abandon the typical approach of those who see passwords as a useless and boring IT bureaucracy. These are the "house keys". Not wanting to have it is equivalent to leaving the front door open. Having "short" and "easy to remember" ones is equivalent to using a lock that can be opened with a passepartout.
Le Email and WhatsApp messages are the most dangerous vehicle. Anyone who is not used to identifying phishing attempts runs the risk of clicking on the links offered in these messages and finding themselves on sites that are indistinguishable from the real ones that capture our data with our complicity. For those who know how to do it, it would be advisable to use – not only in this period – cryptographic systems of e-mail messages.
In the business environment, the recommendations are on the importance of adopting systems log analysis of access to applications by employees and on the monitoring of sensitive data through systems of Data Loss Prevention. For the rest, the same indications for private individuals apply.
Continuous training is also indispensable, i.e. theupdating frequent staffing on new cyber threats and the invitation to comply with the rules of company policy in terms of IT security (many use company accounts and instruments for private purposes and this exposes the company to intrusions and tampering as well as violation of company privacy).
After the emergency phase, the C3I suggests three broader initiatives:
- Awareness campaigns on a national scale, through the main media, to inform about cyber threats and the concrete risks they entail for the life of the community.
- Working groups ad hoc, at Civil Protection, Defense and Interior level, for the implementation of crisis scenarios in the event of Cyber attacks on a national scale.
- Strategic Technical Committee which includes, in addition to the DIS (Security Information Department) and the competent Ministries, also the representatives of Universities, specialized companies and professional bodies, as well as European agencies such as ENISA and Europol.
