November 30, International Computer Security Day: this is how Fraternidad-Muprespa protects it

Every November 30, the International Information Security Day is celebrated, a date that has been commemorated since 1998 and that focuses on raising awareness about cyberattacks and computer crimes, as well as the importance of protecting personal data and information responsive.

Throughout this year 2024, Fraternidad-Muprespa has successfully passed two external audits within the framework of the international standard ISO 27001 and the National Security Scheme (ENS) according to Royal Decree 311/2022. These milestones reaffirm the entity's commitment to the rigorous management of information security and the protection of digital assets, which are aligned with the highest international and national standards.

The password management policy associated with the corporate credentials of the workforce has also been reinforced. This update includes the implementation of more robust requirements for creating, storing and renewing passwords, as well as the use of advanced technologies to ensure their protection. These measures seek to minimize the risks associated with unauthorized access and further strengthen the security of systems and data.

As Luis Martínez del Pino, director of the Information Systems Security Department of Fraternidad-Muprespa, explains, along these lines, technology is being successfully deployed for the implementation of two-factor authentication (2FA) in accesses from exterior.

“This is an additional layer of protection that combines the use of traditional credentials with a second verification factor, guaranteeing that only authorized users can access the systems. The deployment of this technology reinforces the Mutual's ability to prevent unauthorized access and safeguard our critical information. organization”.

Additionally, we have launched a new comprehensive process for the management and control of phishing attempts, thus reinforcing protection against this type of cyber threats.

In addition, Digital Certificates continue to be issued to employees, which enables them to sign documents electronically, as well as carry out different operations and personal procedures through the internet.

Other recurring initiatives have been carried out successfully, as del Pino recalls, citing, among other examples, “audits of access to sensitive data, ethical hacking processes, cybersecurity training for employee awareness, improvement of management policies and control of access to Internet sites, or maintenance and continuous improvement of the Comprehensive Management System”.

“All the initiatives described above”, concludes,

allow us to strengthen the pillars that support our operational efficiency, information security and quality at all levels.