It is the responsibility of a business owner to ensure the security of the company's digital assets, since the owner's civil or criminal liability may be incurred in the event of a proven breach.
(see the legislative texts on the subject at the end of the article)
The main vectors of cyber-attacks in VSEs and SMEs.
- Small businesses are less equipped with security controls and are therefore far more likely to be compromised.
- Insecure data storage and poor management of access rights and passwords.
- Risky employee practices, usually due to ignorance of the risks.
- Mobility and the proliferation of devices connected to the corporate network.
- Email, the main delivery channel for malware and ransomware and the preferred channel for financial scams and password theft.
Here are the essential rules to secure your professional IT environment.
1 – Establish a security policy
Set out, in a written document accessible to everyone, the security rules of the company's information system:
- Best practices for phone, web and email security
- Rules for downloading and/or installing new software
- How to choose passwords, etc.
- The known weak points of the IT system
2 – Make staff aware of the risks involved
It cannot be said often enough: employees, partners, customers, suppliers and so on must be talked to. Employee awareness of the risks of cybercrime is essential. The financial consequences of a cyber attack can be catastrophic for a company, and its primary weapon is the education of its employees.
3 – Back up your computer data
A company's digital assets are the foundation of its activity. The company's critical data must be centralized and backed up daily, both on a local server (for more control) and remotely, so that it survives physical disasters (theft, fire, bad weather). A simpler option also exists: an appliance kept on the premises and fully protected against physical risks.
4 – Secure the corporate network
Cyber attacks (ransomware, malware, phishing and other malicious code) come from outside and must be stopped by a firewall and a proxy that protect web connections. A company's cybersecurity also covers the protection of the local network, Wi-Fi access, email and any remote access.
5 – Protect mobile devices
- Laptops / tablets: with up-to-date, current-generation anti-malware
- Smartphones: antivirus and anti-malware products now exist for mobiles. Also enable automatic locking to prevent fraudulent use in the event of loss or theft.
6 – Protect personal data
The European General Data Protection Regulation (GDPR) requires a privacy policy to be put in place. A confidentiality clause must therefore be included in IT outsourcing contracts with IT providers and cloud providers, all the more so since the adoption of the US CLOUD Act.
7 – Manage sensitive data
The confidential files of a company must at least be:
- Encrypted at rest (encryption of data the law classifies as sensitive is mandatory)
- Accessible only to authorized persons (access through personal, individual authentication)
8 – Secure the premises
A company's premises remain its nerve center. Physical access to offices and to the servers must be secured: closed, controlled access using key codes and name badges for authorized persons.
9 – Do security tests
Like evacuation drills, restore tests (files, system images, servers and operating systems) are necessary to prepare for the next cyber attack: a backup that has never been restored successfully cannot be counted on.
10 – Ensure business continuity in the event of a cyber attack
If, despite all these measures, the company falls victim to a cyber attack, it can still resume its activity without paying a ransom. The solution? Anticipation. A Business Recovery Plan built on dedicated backup software allows all lost or encrypted data to be restored within a few hours, provided the backups were kept out of the attacker's reach (offline or on a separate, access-controlled system) and the restore procedure was tested beforehand.
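Rules 3, 9 and 10 describe one procedure: back up daily, restrict who can read the copies, and prove by a restore drill that the copy is usable before an incident forces the question. The script below is an added example written for this article, not code from the original page or from any backup product it mentions. It uses only the Python standard library, assumes a POSIX filesystem, and builds its own sample data inline; the directory names (company_data, backups/daily) and file names are illustrative assumptions. It writes an archive plus a SHA-256 manifest, restricts both to the owner, restores into a scratch directory and compares every file against the manifest, then shows that an interrupted backup job is caught by the same drill.

```python
"""Daily backup with a hash manifest, plus a restore drill that proves the
backup is actually usable.

Added example, not code from the original article. Standard library only,
POSIX filesystem assumed; sample data and paths are constructed inline.
"""
import hashlib
import json
import os
import tarfile
import tempfile
import zlib
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups need not fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each regular file under root (relative POSIX path) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def make_backup(source: Path, dest_dir: Path) -> tuple[Path, Path]:
    """Write backup.tar.gz and manifest.json into dest_dir, readable by the owner only."""
    dest_dir.mkdir(parents=True, exist_ok=True)
    archive, manifest = dest_dir / "backup.tar.gz", dest_dir / "manifest.json"
    expected = build_manifest(source)
    with tarfile.open(archive, "w:gz") as tar:
        for rel in expected:            # relative names only: no absolute paths in the archive
            tar.add(source / rel, arcname=rel)
    manifest.write_text(json.dumps(expected, indent=1))
    for p in (archive, manifest):       # rule 7: the copies are sensitive data too
        os.chmod(p, 0o600)
    return archive, manifest


def is_owner_only(path: Path) -> bool:
    """True when group and others hold no permission bits on the file."""
    return (path.stat().st_mode & 0o077) == 0


def restore_drill(archive: Path, manifest: Path) -> dict:
    """Restore into a scratch directory and compare every file against the manifest."""
    expected = json.loads(manifest.read_text())
    try:
        with tempfile.TemporaryDirectory() as scratch:
            target = Path(scratch)
            with tarfile.open(archive, "r:gz") as tar:
                try:
                    tar.extractall(target, filter="data")   # refuses traversal / absolute paths
                except TypeError:                           # older Python without the filter argument
                    tar.extractall(target)
            restored = build_manifest(target)
    except (tarfile.TarError, EOFError, OSError, zlib.error) as exc:
        return {"ok": False, "error": f"{type(exc).__name__}: {exc}", "files": len(expected)}
    missing = sorted(set(expected) - set(restored))
    corrupted = sorted(k for k in expected if k in restored and restored[k] != expected[k])
    return {"ok": not missing and not corrupted, "missing": missing,
            "corrupted": corrupted, "files": len(expected)}


def demo() -> tuple[dict, dict]:
    """Constructed scenario: a good backup passes the drill, an interrupted one fails it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        data = base / "company_data"                      # constructed sample data
        (data / "accounting").mkdir(parents=True)
        (data / "accounting" / "ledger.csv").write_text("2024-01-05;INV-001;1200.00\n")
        (data / "contracts.txt").write_text("supplier A, signed\n")
        (data / "customers.json").write_text('{"c1": "Example SARL"}\n')

        archive, manifest = make_backup(data, base / "backups" / "daily")
        healthy = restore_drill(archive, manifest)
        healthy["owner_only"] = is_owner_only(archive) and is_owner_only(manifest)

        # Simulate a backup job that died halfway: keep only the first half of the archive.
        blob = archive.read_bytes()
        archive.write_bytes(blob[: len(blob) // 2])
        broken = restore_drill(archive, manifest)
    return healthy, broken


if __name__ == "__main__":
    good, bad = demo()
    print("healthy backup:", good)
    print("truncated backup:", bad)
```

The manifest is what turns a backup into something testable: without the per-file hashes a truncated or silently corrupted archive can still "restore" and look fine until the one file you need is missing. In production the manifest should travel with the off-site copy (rule 3) and the drill should run against that copy, not against the live server.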
Have you validated every point on this checklist? Then your business is well protected against such losses.
Have you not validated all these points?