Cyber attacks primarily target SMEs, but hackers can only hit a target if it is vulnerable. And the first security weakness in a company is its own employees.
It is the responsibility of a business manager to ensure the security of the company's digital assets, because the manager's civil or criminal liability may be incurred in the event of a proven breach.
(see legislative texts on the subject at the end of the article)
The main vectors of cyberattacks in micro-businesses and SMEs.
These businesses are less equipped with security systems and therefore much more likely to be hacked.
- Insecure data storage and poor access and password management.
- Dangerous employee practices due to a lack of awareness of the risks.
- Mobility and the multiplication of devices connected to the corporate network.
- Email, the primary mode of distribution of malware and ransomware and the preferred method for financial scams or password theft.
Here are the basic rules to secure your professional IT environment.
1 - Establish a security policy
Summarize the security rules of the company's information system in a written document accessible to all:
- Best practices for telephony, web and email security
- Rules for downloading and/or installing new software
- How to choose the right passwords, etc.
- The vulnerabilities of the computer system
2 - Inform staff of the risks involved
We cannot say it enough: we must talk about it to employees, partners, customers, suppliers, etc. Raising employee awareness of the risks of cybercrime is essential! The financial consequences of a cyberattack can be catastrophic for a company, and the company's first weapon is the education of its employees. To do this, the government system Cybermalveillance.gouv has distributed a Cybersecurity Awareness Kit for SMEs and their employees. Share it around you: prevention is better!
3 - Back up your computer data
The digital assets of a company are the foundation of its activity. The vital data of a company must be centralized and backed up daily, both on a local server (for more control) and remotely, in case of physical disasters (theft, fire, bad weather). You can also opt for a simpler solution: a box located within the company and fully secured against physical risks.
4 - Secure the corporate network
Cyber attacks (ransomware, malware, phishing, and other viruses) are external attacks that must be blocked with a firewall and a proxy that protect web connections. The cybersecurity of a company also depends on protecting the local network, Wi-Fi access, email, and any remote access.
5 - Protect mobile devices
- Laptops / tablets: with next-generation, up-to-date anti-malware like total security
- Smartphones: Today there are antivirus and anti-malware products for mobile devices. You should also remember to activate automatic locking to prevent fraudulent use in the event of loss or theft.
6 - Protect personal data
The new European General Data Protection Regulation (GDPR) requires the implementation of a privacy protection policy. It is therefore necessary to include a confidentiality clause in IT subcontracting contracts with IT service providers and cloud providers (especially since the vote on the CLOUD Act).
7 - Manage sensitive data
The private files of a company must at least be:
- encrypted during their backup (encryption of data considered sensitive under the law is mandatory)
- accessible only to authorized persons (connection through personal authentication).
8 - Secure the premises
The premises of a company remain its focal point. Physical access to offices and computer servers must be absolutely secure: closed, controlled access with numeric codes and name badges for authorized persons.
9 - Carry out security tests
Just like fire drills, data recovery tests (files, system images, servers, and operating systems) are necessary to prepare for future cyber attacks.
10 - Ensure business continuity in the event of a cyberattack
If, despite all these measures, the company is the victim of a cyberattack, it is possible to resume its activity without trouble and without paying the ransom. The solution? Anticipation! Setting up a Business Recovery Plan using specialized backup software can restore all lost or encrypted data in a few hours!