There are only two types of companies: those that have already experienced a cyberattack and those that have not yet realized it. This is the starting point when discussing cybersecurity. There are no universal solutions, and the most effective rule remains “less is more”: fewer exposed surfaces mean fewer opportunities to be targeted.
Working from home or from the office no longer makes a big difference today: the attack surface for cybercriminals is everywhere. From home networks shared with smart TVs and baby monitors to corporate laptops connected to public Wi-Fi, every point can become an entry door. And while attackers refine increasingly sophisticated techniques, anyone using a computer for work — practically everyone — must keep up.
Cybersecurity has always been a race. Criminals innovate, institutions and companies adapt. That is why defense cannot be purely technical: alongside protection tools, a widespread culture is needed, the awareness required to avoid basic mistakes. A password left on a sticky note or a link clicked carelessly can instantly compromise both corporate and personal security.
Basic recommendations remain valid and, above all, universal. First: never trust unexpected requests. No company asks for credentials via email or phone. Second: avoid accessing sensitive data from unprotected devices. Third: never leave sensitive information lying around — from hastily written passwords to corporate badges accidentally shown during video calls. Then always lock devices when away, protect files and storage with passwords or encryption, use strong and unique passwords (preferably with a password manager), avoid suspicious attachments, and never connect unknown USB devices.
Updating systems and antivirus software, changing default Wi-Fi passwords, and choosing secure networks complete the list of best practices. A simple principle also applies: “less is better”. Fewer apps, fewer unverified programs, fewer exposed surfaces. The rest is handled by advanced technologies such as endpoint protection systems — including printers — or solutions like HP Wolf, designed to secure devices at their most vulnerable points.
If personal behavior is the first line of defense, in organizations the stakes are even higher. Information security is a process that combines technical, corporate, and organizational measures. The starting point is a thorough risk assessment: which assets are critical? Which vulnerabilities could stop production, disrupt supply chains, or expose sensitive data?
Operational continuity is the immediate goal. Even in the event of an attack — and it is now a matter of “when,” not “if” — companies must be able to continue operating. Updated and ideally isolated backups are essential, as well as redundant infrastructures, a constant inventory of devices, deactivated unused accounts, and access based on the principle of least privilege. In case of an incident, the procedure is clear: isolate the compromised system, preserve evidence, notify responsible teams, and begin recovery.
In the manufacturing sector, the issue is even more critical. Italy is the second-largest industrial producer in Europe, and a large part of its manufacturing system relies on connected machines. Here, security is not limited to computers but extends to production lines: adopting “cyber-safe” machinery with built-in monitoring and malware filters means protecting not only data, but the continuity of entire plants.
The truth is simple: no technology, however advanced, is sufficient on its own. Cybersecurity truly works only when responsible behavior, reliable tools, and strategic investment come together. In a world where every device is a potential entry point, the difference between a blocked attack and a devastating incident often comes down to a daily action — and a culture that finally puts security at the center.