Best Practices To Protect from Hackers
Due to lack of time or resources, SMEs neglect the risk of hacking. Some common sense rules, however, are enough to partially ward off threats.
Losing data after a computer attack can have serious consequences for a start-up or an SME. The company may never even recover. Website hacking, USB flash drives, password theft, spyware hidden in attachments: cyber threats are more and more common. What are the simple rules to protect yourself? We take stock with Stéphane Dahan, president of Securiview, a company specialized in the management of computer security.
1: Identify the most sensitive data
That is to say, know precisely what information to protect in the company. There is no need to put barriers everywhere indiscriminately.
Whatever their form (mail, paper, file), ask yourself the question: what are the most sensitive data, and what is the probability of their being stolen? “Then you have to locate them. Messaging, Dropbox, phone: these are all possible avenues for information that has value.”
2: Update the systems and back up
“Do not forget to regularly update your antivirus and information systems. We too often see companies neglecting this aspect,” says Stéphane Dahan. Do not forget to back up your strategic files periodically. “Ideally, they have to be stored in several places. If a server burns, you will be able to find them elsewhere.”
3: Ensure the confidentiality of key data
Inside the company, make sure that only employees who need sensitive information can access it. For example, passwords or encryption keys are only assigned to those who need to know them.
4: Set and enforce the password policy
Take care when choosing passwords! This is often the Achilles heel of information systems. “Avoid choosing the most obvious ones, like abc123 or 12345, a bad habit more common than people say,” insists Stéphane Dahan. Ideally, set rules for the choice and length of passwords and for renewing them regularly.
5: Protect mobile devices
Mobile devices are potential access points for hackers. According to ANSSI (National Agency for the Security of Information Systems), they must benefit from at least the same security measures as fixed workstations. Although this represents an additional constraint, the conditions in which mobile devices are used even require certain security functions to be reinforced.
6: Make the team aware of the risk of hacking
Periodically, remind your team of some basic rules: do not disclose passwords to a third party, do not bypass internal security features, avoid opening attachments in messages from unknown addresses, etc. Awareness must also focus on the use of social networks.