Security Guidelines
These security guidelines provide recommendations and best practices to protect your organization against cyber threats. These guidelines are designed to be practical and actionable, adapted to different organization sizes.
Company Information
- Identity: WHOAMI TECHNOLOGIES SL
- Tax ID: B70631098
- Address: Calle Picasso 47, Local 19, Palafrugell 17200, Girona
- Phone: +34 910 053 853
- Email: [email protected]
Introduction
Security fundamentals
Regardless of your organization's size, these fundamentals are essential:
Password management
- Use unique and complex passwords
- Implement two-factor authentication (2FA)
- Use a password manager
- Never reuse passwords across services
Updates and patches
- Keep all systems updated
- Install critical security patches immediately
- Establish a patch management process
- Monitor known vulnerabilities
Backups
- Perform regular and automated backups
- Verify that backups work
- Store copies off-site
- Test restoration periodically
Access control
- Implement the principle of least privilege
- Review and revoke access regularly
- Use network segmentation
- Monitor suspicious access
Email security
Email is one of the most common attack vectors. Implement these measures:
- SPF, DKIM, and DMARC: Configure these protocols to prevent email spoofing
- Spam filtering: Use spam and anti-phishing filters
- User training: Educate your team on how to identify suspicious emails
- Links and attachments: Verify before clicking or downloading
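As an added illustration of the SPF and DMARC point above (this is example code written for this page, not something WHOAMI TECHNOLOGIES provides), the script below checks the TXT records of a domain for the two most common misconfigurations: an SPF record that ends in "+all" (which authorizes any sender) and a DMARC record whose policy is "p=none" (which only monitors and does not block spoofed mail). It runs against a constructed in-memory snapshot of DNS records with hypothetical domain names, so it works offline; replacing the snapshot with a real DNS lookup is the only change needed to use it on your own domain.

```python
"""Sanity-check SPF and DMARC TXT records for a domain.

Added example: works on a constructed in-memory snapshot of DNS TXT records
instead of live DNS, using hypothetical domain names only.
"""

# Constructed sample data (not real DNS records): name -> list of TXT strings.
SAMPLE_TXT = {
    "weak.example": ["v=spf1 include:_spf.mailer.example +all"],
    "_dmarc.weak.example": ["v=DMARC1; p=none; rua=mailto:dmarc@weak.example"],
    "strict.example": ["v=spf1 ip4:203.0.113.0/24 include:_spf.mailer.example -all"],
    "_dmarc.strict.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@strict.example"],
    "nomail.example": [],
}


def parse_spf(txt_records):
    """Return the SPF record for a domain, or None if absent or duplicated
    (more than one SPF record is itself an error under RFC 7208)."""
    spf = [r for r in txt_records if r.lower().startswith("v=spf1")]
    return spf[0] if len(spf) == 1 else None


def parse_dmarc(txt_records):
    """Return the DMARC tags as a dict, or None if no DMARC record is present."""
    for r in txt_records:
        if r.replace(" ", "").lower().startswith("v=dmarc1"):
            tags = {}
            for part in r.split(";"):
                if "=" in part:
                    key, value = part.split("=", 1)
                    tags[key.strip().lower()] = value.strip()
            return tags
    return None


def assess_domain(domain, dns=SAMPLE_TXT):
    """Return a list of findings for the domain; an empty list means no issue."""
    findings = []
    spf = parse_spf(dns.get(domain, []))
    if spf is None:
        findings.append("SPF: no single valid SPF record")
    else:
        final = spf.split()[-1].lower()
        if final in ("+all", "all"):
            findings.append("SPF: '+all' authorizes any sender (spoofable)")
        elif final not in ("-all", "~all"):
            findings.append("SPF: record does not end with an explicit all mechanism")
    dmarc = parse_dmarc(dns.get("_dmarc." + domain, []))
    if dmarc is None:
        findings.append("DMARC: no record at _dmarc." + domain)
    else:
        policy = dmarc.get("p", "").lower()
        if policy not in ("quarantine", "reject"):
            findings.append(f"DMARC: policy p={policy or 'missing'} does not block spoofed mail")
        if "rua" not in dmarc:
            findings.append("DMARC: no rua= address, so no aggregate reports are received")
    return findings


if __name__ == "__main__":
    for d in ("weak.example", "strict.example", "nomail.example"):
        print(d, assess_domain(d) or ["OK"])
```

A domain that passes with no findings still needs DKIM signing on the sending service, which cannot be judged from the domain's own TXT records alone.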
Web application security
If your organization uses web applications (WordPress, custom systems, etc.):
- Keep all applications and plugins updated
- Use HTTPS for all connections
- Implement web application firewalls (WAF)
- Perform regular security audits
- Validate and sanitize all user inputs
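The last item, validating and sanitizing user input, is easiest to see with a vulnerable query next to its hardened form. The following is an added example written for this page (not code from WHOAMI TECHNOLOGIES or from any product named above): it builds a constructed in-memory SQLite table and looks up a user two ways, once by pasting the input into the SQL text and once with an allowlist check plus a bound parameter. The classic apostrophe input that turns the first query into "match everything" is simply rejected by the second.

```python
import re
import sqlite3

# Allowlist for usernames: check the shape of the input before it reaches a query.
USERNAME_RE = re.compile(r"^[a-z][a-z0-9_]{2,31}$")


def build_db():
    """Constructed in-memory table with two sample rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    conn.commit()
    return conn


def find_user_unsafe(conn, name):
    """Vulnerable form: the input is concatenated into the SQL text, so it can
    change the structure of the query instead of only supplying a value."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, name):
    """Hardened form: allowlist validation first, then a bound parameter so the
    database driver treats the value strictly as data."""
    if not USERNAME_RE.match(name):
        raise ValueError("invalid username")
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def compare(name):
    """Run both forms on the same input. Returns (rows from the unsafe query,
    rows from the safe query or the string 'rejected')."""
    conn = build_db()
    unsafe_rows = find_user_unsafe(conn, name)
    try:
        safe_rows = find_user_safe(conn, name)
    except ValueError:
        safe_rows = "rejected"
    return unsafe_rows, safe_rows


if __name__ == "__main__":
    print(compare("alice"))
    print(compare("x' OR '1'='1"))
```

The parameter binding is the part that actually prevents injection; the allowlist is defence in depth and also stops malformed values from reaching later parts of the application.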
Monitoring and detection
Early detection is crucial to minimize the impact of an incident:
- Implement logging and security event monitoring
- Configure alerts for suspicious activities
- Review logs regularly
- Establish an incident response process
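To make "configure alerts for suspicious activities" concrete, here is an added example (written for this page, not a tool from WHOAMI TECHNOLOGIES) of one of the simplest useful detections: a burst of failed SSH logins from one source address. It parses syslog-style sshd lines, which are constructed sample data with documentation-range addresses, and raises one alert per source that reaches a threshold of failures inside a sliding time window. The threshold and window are parameters, so the same function can be tuned for a small office or a busier server.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (syslog-style sshd lines, not taken from a real host).
SAMPLE_LOG = """\
Jan 10 12:00:01 web1 sshd[2101]: Failed password for invalid user admin from 198.51.100.7 port 51001 ssh2
Jan 10 12:00:03 web1 sshd[2102]: Failed password for root from 198.51.100.7 port 51002 ssh2
Jan 10 12:00:04 web1 sshd[2103]: Failed password for invalid user test from 198.51.100.7 port 51003 ssh2
Jan 10 12:00:06 web1 sshd[2104]: Failed password for root from 198.51.100.7 port 51004 ssh2
Jan 10 12:00:07 web1 sshd[2105]: Failed password for root from 198.51.100.7 port 51005 ssh2
Jan 10 12:00:09 web1 sshd[2106]: Accepted publickey for deploy from 203.0.113.5 port 40011 ssh2
Jan 10 12:15:30 web1 sshd[2200]: Failed password for alice from 203.0.113.9 port 40100 ssh2
Jan 10 12:40:00 web1 sshd[2300]: Failed password for alice from 203.0.113.9 port 40101 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed password|Accepted \w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_line(line, year=2024):
    """Parse one sshd line into a dict, or return None for lines we do not track."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    # Syslog timestamps carry no year; an assumed year makes them comparable.
    stamp = " ".join(m["ts"].split())
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return {ip: failures_in_window} for every source IP that reached
    `threshold` failed logins inside a sliding window of `window_seconds`."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    alerts = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["result"] != "Failed password":
            continue
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:
            q.popleft()  # drop failures that have fallen out of the window
        if len(q) >= threshold and ev["ip"] not in alerts:
            alerts[ev["ip"]] = len(q)  # alert once per source, at the first crossing
    return alerts


if __name__ == "__main__":
    for ip, count in detect_bruteforce(SAMPLE_LOG).items():
        print(f"ALERT: {count} failed logins from {ip} within 60s")
```

The two slow failures from 203.0.113.9 do not trigger the default rule, which is the intended behaviour: a user mistyping a password twice in half an hour is not an incident, while five failures in six seconds is worth a look and, in practice, a temporary block.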
Regulatory compliance
Depending on your sector and location, you may need to comply with:
- GDPR: General Data Protection Regulation
- ISO 27001: International standard for information security management
- NIST: Cybersecurity Framework
Additional resources
For more information on how to protect your organization, check out our resources:
Contact
If you need help implementing these guidelines or have security questions, you can contact us through our contact form.