
Cybersecurity for small and medium-sized businesses in 5 questions

The number of computer attacks is constantly evolving: data theft, ransom demands, reputational damage… The consequences are often serious, sometimes irreversible. Small and medium-sized businesses are the most affected because attackers see them as more vulnerable. However, applying good practices and putting protective measures in place reduces both the risk of an attack and its impact if one occurs. Ask yourself the right questions and put actions in place to protect your business and your employees.

 

1 – Do you have a good knowledge of your computer equipment?

To protect your business properly, you need to take an inventory of the hardware, software and data that contribute to your business and its growth. This includes computers (and their peripherals, such as printers), cell phones, tablets, local servers and remote servers (website hosting, email services, online software services, etc.). For your software, make sure that you hold valid licenses, which are essential for its maintenance. At the same time, it is important to inventory who has access to the different interfaces and data. This inventory lets you verify that no former employee or former partner still has access, which limits your exposure to threats. Once these inventories are complete, you can put appropriate protection measures in place or call in a cybersecurity professional.
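One way to run the access inventory described above, as an added example that is not part of the original article: it cross-checks account exports from each service against the current staff roster and lists the accounts that need action. The CSV layout, service names and addresses are constructed sample data.

```python
import csv
import io

# Constructed sample data: current staff roster (e.g. exported from HR/payroll).
ROSTER_CSV = """email,status
alice@example.com,active
bob@example.com,active
carol@example.com,departed
"""

# Constructed sample data: accounts exported from each service in the inventory.
ACCOUNTS_CSV = """service,account,owner_email
email,alice@example.com,alice@example.com
email,Carol@Example.com,carol@example.com
web-hosting,admin,bob@example.com
web-hosting,agency-ftp,contact@old-partner.example
accounting-saas,shared-billing,
"""

def normalize(email):
    # Addresses are compared case-insensitively and without stray spaces.
    return email.strip().lower()

def load_roster(text):
    """Map each known e-mail address to its status."""
    return {normalize(r["email"]): r["status"].strip().lower()
            for r in csv.DictReader(io.StringIO(text))}

def review_accounts(accounts_text, roster):
    """Return (service, account, reason) for every account that needs action."""
    findings = []
    for row in csv.DictReader(io.StringIO(accounts_text)):
        owner = normalize(row["owner_email"] or "")
        if not owner:
            reason = "no owner recorded"
        elif owner not in roster:
            reason = "owner not on roster (former partner?)"
        elif roster[owner] != "active":
            reason = "owner is " + roster[owner]
        else:
            continue  # owned by a current, active employee
        findings.append((row["service"], row["account"], reason))
    return findings

if __name__ == "__main__":
    for service, account, reason in review_accounts(ACCOUNTS_CSV, load_roster(ROSTER_CSV)):
        print(f"{service:16} {account:20} {reason}")
```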

 

2 – Do you make backups of your data?

By making regular backups, you will be able to resume your operational activities more quickly after an incident. You must identify the data that is essential to the continuation of your activity, which can be a customer file, technical data, data on manufacturing know-how, etc. You must also set a backup schedule (every day, every week or every month) and stick to it. Backing up your data is very important, whether the backup is "offsite" or "offline". Offsite backups store the data on a server or media in a different location from the main server. Offline backups, on tape or a hard drive, prevent ransomware from reaching the data and rendering it unusable. Using both can be a good idea, since physical media can be stolen or destroyed and a cloud service can be exposed to intrusion (note that encrypting the data can limit this risk). In both cases, it is essential to run a test to verify that a restoration would actually work.

 

3 – Do you regularly perform updates?

It is essential to update operating systems and software as soon as their publishers make security patches available. To avoid neglecting or forgetting updates, it can be useful to activate the automatic updates that publishers offer. In addition to these regular updates, publishers sometimes release updates outside the normal schedule, when a vulnerability is detected whose criticality does not allow waiting several weeks for a patch to be deployed. It is therefore important to remain vigilant! Also note that any software that can no longer be updated must be uninstalled.

 

4 – Do you use an antivirus?

The basic rule is to deploy an antivirus on all your equipment, prioritizing devices connected to the Internet. To do this, you can use commercial antivirus software that offers automatic updates and automatic scanning of storage spaces. In addition, when purchasing an antivirus, it may be worth subscribing, depending on your needs, to the additional features that many software publishers offer, such as a firewall, web filtering, a VPN, anti-phishing and tools for securing banking transactions. For your antivirus to work optimally, you must keep your software up to date; otherwise, the protection it offers will be reduced.

 

5 – Do you have a good password policy in place?

Attacks on the Internet are made easier by passwords that are too simple or that are reused from one service to another. If a malicious person manages to find your email password, they could send malicious emails without your knowledge and carry out phishing attacks. A good password policy can be implemented by making users aware of the risks of choosing a password that is too easy to guess. For this, you can offer them cybersecurity training. MS Solutions offers cybersecurity training to develop your team's skills in identifying and managing cyber threats.

 

In a future article, we will look at other questions to ask yourself in order to protect your company from cyber attacks. In the meantime, don't hesitate to contact an expert to discuss your cybersecurity issues or to take a cybersecurity training course.
