Cybersecurity risks in business: diversified techniques
Today, hackers are taking advantage of the growing digitization of companies to attack organizations of every kind. Multinationals, SMEs, VSEs, administrations: everyone perceives the risks of cybersecurity. According to the National Information Systems Security Agency (ANSSI), 52% of ransomware attacks handled in 2021 concerned VSEs, SMEs and mid-sized companies (ETIs).
The objectives of cybercriminals are varied: to recover data to resell it, to damage the image of the company, or even to earn money via a ransom. On a large scale, it can be espionage between large firms or even between countries.
Hacking techniques are developing as quickly as the digitization of companies. There are currently five branches of cyberattacks.
1. Ransomware, which aims to encrypt sensitive files until a ransom is obtained.
2. DDoS (denial of service), an attack that blocks a website.
3. Supply chain attack, a cyberattack that affects a company’s logistics IT system.
4. Spyware. It infiltrates a company’s computer files to extract information.
5. Social engineering, an identity theft technique. It encourages those trapped to divulge confidential information or make bank transfers. Phishing is the most common form of social engineering.
In 2021, 6 out of 10 companies experienced an impact on their activity due to a computer attack (CESIN annual barometer).
Actions to strengthen cybersecurity in business
ANSSI also recommends several reflexes and best practices to put in place to strengthen cybersecurity in business.
Make passwords as secure as possible
Securing passwords remains the simplest cybersecurity measure to implement. Yet weak passwords are one of the flaws fraudsters rely on most to infiltrate a computer system. A secure password is:
- a long and complex password (8 to 12 characters containing lowercase, uppercase, numbers and special characters);
- a unique password for each access, regularly changed;
- a password replaced at the slightest doubt of fraudulent use;
- a confidential password (no one should know it).
Perform regular updates
Device or software updates revise the security protocols of a computer system. A computer that is not up to date is more vulnerable and attracts the attention of hackers. An update should therefore be installed as soon as the prompt appears on the device screen. Automated download options exist on all computers.
Finally, care must be taken to download updates only from the official sites of the publishers, because hackers also offer fake updates on the internet. The URL of the download site must be verified.
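The URL verification described above can be automated. The following Python sketch is an added example, not part of the original article: it accepts a download URL only when it uses HTTPS and its host exactly matches an allowlist. The host names, the `check_download_url` function and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): replace with the official download hosts
# of the publishers whose software the company actually uses.
OFFICIAL_HOSTS = frozenset({"downloads.vendor.example", "updates.editor.example"})


def check_download_url(url, allowed_hosts=OFFICIAL_HOSTS):
    """Return (ok, reason) for a candidate update download URL."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lowercased, userinfo and port removed
        port = parts.port      # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if host is None:
        return False, "no host"
    # Text before "@" is userinfo, not the host: the connection goes to
    # whatever follows it, so an official-looking prefix proves nothing.
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL"
    if port not in (None, 443):
        return False, "unexpected port"
    # Exact match only. A suffix or substring test would accept
    # "downloads.vendor.example.evil.example".
    if host.rstrip(".") not in allowed_hosts:
        return False, "host not on allowlist"
    return True, "official host"


# Constructed sample URLs, for illustration only.
SAMPLES = [
    "https://downloads.vendor.example/setup-2.4.exe",
    "http://downloads.vendor.example/setup-2.4.exe",
    "https://downloads.vendor.example.evil.example/setup.exe",
    "https://downloads.vendor.example@evil.example/setup.exe",
    "https://downloads-vendor.example/setup.exe",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, reason = check_download_url(sample)
        print(f"{'OK  ' if ok else 'DENY'} {reason:22} {sample}")
```

Only the first sample passes; the others look official at a glance but fail on the scheme, the real host, or embedded credentials.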
Back up your data frequently
Regular data backup is the best way to thwart a ransomware attempt. In addition, the backup protects against breakdowns, losses and possible deterioration of computer equipment.
The frequency of data backups depends on the activity and pace of work of the company. Depending on their size, backups can be made on a USB key, on an online storage service or on an external hard drive. Finally, there is also the possibility of saving the data on an FTP server or on a Network Attached Storage (NAS). This last option allows you to share files on a server that hosts several hard drives.
Protect corporate Wi-Fi access
A weakly protected Wi-Fi connection can lead to unfortunate consequences. Opportunistic or malicious people could infiltrate it to intercept data without the knowledge of the company.
A wired connection is much more secure and efficient than Wi-Fi through an access point. The best thing is to configure the Wi-Fi access point at the time of its first use: change the identifier, the password and the default access key. At the slightest doubt, these elements must be changed. Only company employees should have access to the login information. Finally, most internet operators offer a firewall function for their box. You have to make sure that it is working properly.
Use a powerful antivirus
Subscribing to strong antivirus software prevents most malicious files from infiltrating the computer system. Likewise, a properly configured firewall blocks unwanted connections from a computer. The antivirus should regularly scan the computer system and check external storage devices.
Stay alert, all the time
Employees must receive cybersecurity training in order to remain vigilant at all times in the face of potential computer attacks. They learn to recognize dubious links and attachments and to visit safe websites. Similarly, employees have an obligation to keep their professional life separate from their personal life, especially on social networks.