In a previous article, we presented five questions to ask yourself and the actions to put in place in order to protect your activities and your employees from possible cyber attacks. As a reminder, our advices were about a good knowledge of your computer equipment, the backup of your data, regular updates, the use of an antivirus as well as the establishment of a good password policy. You can find the article by clicking on this link “Cybersecurity for small and medium-sized companies”.
Question 1: Have you activated a firewall?
A firewall is a computer tool (hardware and/or software) that protects data on a network. Installed on the computers of your company’s employees, it mainly protects against attacks from the Internet. If you have a corporate information system (IS), it can also slow down or limit the action of a malicious actor who has managed to take control of one of the workstations. Cyber hackers aim to take control of all the computers in your organization in order to access the entire system. That’s why it’s important to have a firewall on all your workstations. If you don’t know how to do this, don’t hesitate to call in the professionals.
Question 2: Is your mailbox secure?
The e-mail box is the main vector of infection for the workstation. Indeed, there are multiple attacks through a malicious email, with the opening of attachments containing malicious code or the click on a link redirecting to a malicious site (phishing). To avoid this, it is necessary to ask yourself the right questions: Do you know the sender? Are you expecting an e-mail from them? Is the link in the e-mail consistent with the subject matter? If you have the slightest doubt, don’t click on it and verify the authenticity of the message through another channel (call, SMS, etc.) with the sender. It is possible to raise awareness of phishing among your IT service users. In addition, it is essential to have an upstream antivirus analysis system to prevent the reception of infected files. The same goes for activating TLS encryption of exchanges between email servers and between user stations and servers hosting email boxes.
Question 3: How do you separate your computer uses?
The interconnection of IT tools with the Internet presents many risks. In order to avoid identity theft, data exfiltration from the company to the Internet, or even the detour of the company’s IS for malicious uses. It is best to apply a few tips to reduce these threats. In order to limit the risk of installing malicious code and gaining complete control of the computer, you should give each employee an account with “user” and not “administrator” access. As we mentioned in the previous article, when an employee leaves your company, consider revoking all of his or her access so that he or she can no longer access your information. Also, connections between users’ workstations should be forbidden by default. If a malicious code is set up on a computer, this good practice will prevent it from spreading to other workstations.
Question 4: Have you educated your staff about cybersecurity?
It is essential to set up a culture of computer hygiene with regular training of the staff on good security practices and the main threats that can affect your organization. For newcomers in the company, a charter with good practices could be given to them. For employees already in the company, a regular email could be sent to them. Also encourage your employees to report incidents with a simple procedure to follow. Regarding training for all employees, you can call upon an external provider specialized in cybersecurity. At MS Solutions, we offer cybersecurity training for employees that is accessible to everyone and does not require any technical IT knowledge.
