Tailored Cybersecurity Solutions Are Easysec's SpecialtyBy Andrea Villar | Thu, 12/23/2021 - 07:00
Q: Easysec specializes in designing and tailoring security solutions to suit the needs of its clients. What is the process for fully customizing a cybersecurity strategy?
A: The same tool does not always work for every company. You have to know exactly what the needs and purpose of each business are, whether it is data protection or equipment protection, for instance. As a provider, you cannot offer the same solution to a small company as a big one. Easysec specializes in creating customized cyber strategies alongside managers and business owners so that they can optimize their cybersecurity budget. Our first step is to meet with the client to understand what they are looking for and why. If they want to protect confidential files, we need to know exactly what areas they want to protect. When we talk about data protection, there are many pathways through which information can leak out that the client may have not even considered.
If we completely block access to some files without knowing who is working with them, productivity problems emerge and that is when people begin to see cybersecurity in a bad light. On the other side of the coin, one can block people from certain activities that they should not be doing but that have become common practice. This is when it becomes necessary to educate the user. They must understand what they can and cannot do depending on the company. For instance, we have clients that do out-of-court debt collections and they share information via WhatsApp. Explaining to them what information they can and cannot share is key. We cannot block access to information that they need to share with debtors because then you start to impact productivity.
Q: What would you say is the biggest gap in companies' cybersecurity strategies?
A: Often, companies do not even have a strategy. Many companies approach us because they must fill very specific regulatory requirements imposed by the Tax Administration Service (SAT), such as ISO 27001. This is also happening to companies that work in the financial sector because they are required to comply with security regulations. Often, businesses have no cybersecurity strategy and everyone in the company has total freedom to access the network. In those cases, we usually uncover documents that should not have been stored on their hardware and software that should not have been installed. After assessing each individual company, we generate a cybersecurity strategy that addresses their needs.
Q: What is Easysec’s approach to preventing data breaches?
A: When a company needs to protect information, we look at what they want to protect and how. It is necessary to have different approaches for information at rest, in motion and in use. If they are not aware of this, then we start to categorize and prioritize depending on the business. It is up to the business owner to decide the priority of each element.
Q: How can a company securely destroy data when they no longer need it or a customer requires them to do so?
A: There are different ways and tools that help to do that. There are some erasure standards and regulations that provide certainty that the information has been erased. There are tools to handle disk, data center, device or folder erasure. These tools delete the information several times to make it unrecoverable and issue a certificate stating the information was securely erased according to the required standards. A more aggressive approach to disposal is through asset destruction, which makes the information unrecoverable through other software.
Q: How has your approach to endpoint protection changed since the pandemic hit?
A: Before the pandemic, our strategy already involved uploading everything to the cloud. This helped us to cope with the pandemic. However, many other companies did suffer and had to do a lot of juggling to keep their equipment updated remotely.
Easysec is a Mexican company specialized in cybersecurity solutions that range from endpoint security and vulnerability assessment to awareness workshops