She is a journalist with many years’ expertise in cybersecurity matters, and she now also has a new book. Mónica Valle has just launched Ciberseguridad, consejos para tener vidas digitales más seguras [‘Cybersecurity, Tips For a More Secure Digital Life’], which is aimed at the average Internet user, although she herself has been involved with several of the world’s most important cybersecurity companies for years.

With such an extensive background, Valle is more than qualified to paint a picture of the current cybersecurity situation in Spanish companies. A situation in which, she believes, “WannaCry marked a before and after in terms of awareness. Large companies are already up to speed, because they’ve been dealing with this for a long time, and they already see it more as an investment, rather than an expense.”

In cases like this, “the problem lies with small and medium sized companies; for them, this does actually meaning finding extra money in the budget, something that isn’t always easy to do.” These companies have had the most catching up to do, and more still since the adoption of the GDPR, something that caught many of them off guard.”

Pending tasks for cybersecurity

For her, “there’s still a lot to be done” when it comes to corporate cybersecurity. Namely, “a lot of the time, people are reactive: nothing is done until something happens in another company. But in cybersecurity, this is a mistake; you need to be preventative and proactive, putting measures in place before something happens. With ransomware attacks, for example, when you get attacked, the damage is already done, and it’s going to be very difficult to recover anything; companies need to be aware of this.”

“It’s very important to know how to react,” she affirms, “Because once you know how to react, you can minimize the damage. Companies that still aren’t aware of how important prevention is in cybersecurity are also unaware of how important it is to react properly, or how important it is to ensure that any damage is kept to the minimum possible.

The fact remains, “those who want to attack you have countless options, and can do so from many sides, which isn’t easy to prevent. All the experts say the same: every company has been or will be attacked. This is why it’s vital to focus both on prevention and on knowing how to react.”

On the other hand, there’s a factor that makes protecting a company’s cybersecurity even more important: “These days, companies don’t just have to protect their information; they also have to prove that they comply with some basic cybersecurity rules. And what’s more, if they break the law, the fines are so much higher.”

Any company can be attacked

However, “there are companies that think they’re not ‘important’ enough to be attacked; but, isn’t your information important to you?  Without that information you’re nobody, and you wouldn’t be the first company to have to close down as a result of losing this information.  Whatever size company you are, any information that you hold is very important – at the very least, for you.”

Likewise, “it’s also important to bear in mind the reputational damage that an attack can cause. Cybersecurity is based on the trust of your clients, your providers, etc., so reputational damage is among the biggest risks for any kind of company.”

The key: employee training

Whenever we talk about cybersecurity, the same question always pops up: do companies that care about cybersecurity do so because of their own convictions, or because they’re scared and they fear what could happen to them? To what extent do awareness of the subject and concerns about the consequences of a cyberattack actually influence one another?

Mónica Valle has no doubts about her answer: “Many, it’s true, are scared. As there isn’t really much of a cybersecurity culture, many companies get scared because they don’t know about these subjects. But when they learn more about them, they train their employees and pull their finger out, leaving that fear behind.”

And that, in her opinion, is one of the essential things: “Training employees is vital. If an employee knows she mustn’t click on certain links received in an email, nine times out of ten, it will be enough to stop a cyberattack from happening, or to make sure that its consequences aren’t too serious”.

In the workplace, we can reduce this level of employee insecurity by using tools that allow us to halt an attack even before it happens. Advanced cybersecurity solutions monitor the organization’s systems in real time, detecting and stopping any suspicious behavior that could be harmful. Preventing attacks before they happen will help to reduce the stress that being the victim of a cyberattack can cause in an employee.