The national media report cases of cyber attacks on large corporations more and more regularly. We also observe this phenomenon among the individuals and small businesses that we meet.
THE CHALLENGES OF COMPUTER SECURITY
Cybersecurity is becoming more complex to understand and therefore poses a real problem for an SME that can mobilize few internal resources to protect its IT. Theft or destruction of data, denial of service, financial scams, industrial espionage: companies are increasingly victims of all these attacks, and the consequences can be dramatic. It is therefore essential to implement an IT security policy without incurring huge investments.
IDLINE proposes 8 rules of good practice to limit the risks to your company and offers you the possibility of carrying out a complete audit on your computer security:
1. WRITE A COMPUTER SECURITY POLICY AND A COMPUTER CHARTER
The first thing to do is to put on paper the perimeter of the information system you need to protect. It is essential to determine which applications are the most sensitive and important for the continuity of your business, so that the perimeter of the data to be secured can be limited where possible.
Drafting an IT charter enables the implementation of access monitoring mechanisms and makes your network users aware of IT best practices in the workplace, covering both their use of the information technology tools available to them and the sharing of any sensitive data, on social networks for example.
2. CONTROL OF THE COMPANY’S INTERNET ACCESS
Each of the company’s Internet access points, whether at headquarters or at a remote site, is potentially a passage that a hacker will use to access the company’s computer system. In the case of a multi-site network, to simplify overall IT security, it is advisable to limit the number of these access points as much as possible, favouring a secure virtual private network (VPN) approach with a single secure Internet access at the heart of the network.
It is difficult today to prohibit employees from surfing the Web; however, limitations can be applied with firewall solutions. These make it possible to perform antivirus filtering on the content exchanged with the Internet and to block questionable content or servers on the basis of regularly updated lists.
Legally, it is the employer’s duty to filter out sites related to hacking applications, exchanging illegal download links or pornographic sites.
3. CONTROL WI-FI ACCESS
Wi-Fi access points, sometimes unsecured, deployed on the company's premises should be placed under surveillance. Often these access points allow direct access to your network.
Depending on the range of the access point, the unprotected entry point may even be reachable from outside the premises. Controlling this access must be part of the company’s IT security policy.
IDLINE offers a centralized management solution for your Wi-Fi access points. Their power can be adjusted, and control and logging of access will significantly reduce the risk of hacking.
In the event of a failure of the information system (IS), the possibility of restoring data preserves the activity of the SME. This ability to restore business data (on both servers and workstations) is the most effective protection against ransomware. The company can, in fact, continue its activity by recovering data that has been stored and updated regularly. These backups must be stored outside the company so that, in the event of an attack, they are not encrypted along with the user documents.
What characterizes cybercrime is its permanent evolution. Hackers show great imagination in finding new attack techniques. Since security vulnerabilities are generally corrected in tool updates (firewalls and antivirus), it is essential to keep all computer installations (applications, operating systems, etc.) up to date, even if this operation can sometimes appear time-consuming.
5. WATCH OUT FOR PERSONAL CLOUD APPS
This is an increasingly common behaviour against which companies must fight. Employees' use of freely available storage solutions on the Web poses a real security problem. Companies have no control over the files that the employee stores there, and no way to know whether the employee makes this information publicly accessible. Often these platforms are hosted in the United States, which poses a potential legal risk where personal data is concerned. Therefore, special attention should be paid to the security of applications.
Employees increasingly tend to host their business data in the public cloud. The company's information then circulates on servers whose location is unknown. The company has no guarantee that the confidentiality of its data will be respected. Employees, who often use these hosting services for personal purposes, must be made aware of the risks incurred by the company via the IT charter.
IDLINE offers a file sharing solution hosted in France, in which an administrator retains control and can, if necessary, delete data that has been shared by an employee.
6. BE PREPARED FOR COMPUTER ATTACKS
Do not ask yourself whether you are going to be attacked, but when. Large botnets tirelessly scan the Internet to find poorly secured servers and install their malicious code without the knowledge of the owners. To repel them, the Internet access must be equipped with anti-intrusion devices able to filter malware and also to foil the most sophisticated types of attack, such as 0-day or APT.
A computer system is never secure ad vitam aeternam. New attack techniques appear regularly, and new flaws in software and equipment are discovered every day. There is only one defence: always keep your facilities and all of your application resources up to date.
You can also train your IT experts or use a managed security solution to simplify this problem; this is the type of solution that IDLINE offers. No technical knowledge is required of the company that uses the service, and IDLINE makes its technical staff available to meet the needs of users.
7. EMPOWER YOUR STAFF WITH COMPUTER SECURITY TRAINING
The human element remains a weak link in a company’s IT security. Hackers use social engineering because it is often easier to carry out than a cyber attack on a protected information system. The biggest companies have had to face the “president scam”: a simple phone call to an assistant in which the supposed head of the company orders the assistant to make a transfer abroad. Simplistic passwords used for all accounts and e-mail addresses, opening attachments from unknown senders, distributing confidential business information on social networks or infection of the IS with a virus introduced by a personal device used in the course of professional life,
The first countermeasure is to empower the staff. Staff must be told the right behaviour to adopt when faced with threats of this type, such as a USB key found in the street. Simple rules of behaviour make it possible to foil many attacks.
It is therefore essential to make them aware of all these forms of virus intrusion and other malicious acts, and to inform them of the steps to follow in the event of the loss or theft of devices such as smartphones, tablets and laptops. The company must empower its employees by informing them of the consequences the company incurs if its IS is vulnerable. The IT security of the company is the business of all its employees.
8. HOMOGENIZE AND MAINTAIN THE COMPUTER PARK
Enterprise IT covers a wide range of skills:
* Environmental: physical access, electricity, cooling
* Network: switches, routers
* Printing: multifunction copiers / fax
* Hardware: servers, hard drives/data storage
* Virtualization: the number of servers needed for an SME is growing, and a virtualization layer is often implemented
* Operating system
* Authentication: LDAP / Active Directory
You cannot secure a computer park when each PC has a different OS and different security software. For that, it is essential to carry out an inventory of your computer park. To secure it, a first step is to standardize the OS, the computer security settings and the protection software installed on each machine. A local firewall and business-grade antivirus are essential on all workstations.
Outsourcing your servers and their management lets a company whose business is IT manage the complex layers that have no added value for your company, without your having to invest in different technical profiles to ensure the security and availability of your business information system.