Since 2020, teleworking and digital project launches have exploded. The result: the attack surface of the computer systems of companies and administrations has grown. These risks can largely be limited through cybersecurity awareness and appropriate support for employees.
Effectively inform employees about cyber risks
Contrary to popular belief, cybersecurity is not the sole responsibility of the IT department. Anyone in the company can be a gateway to an attack. It must be everyone's business, because the consequences of an intrusion can be dramatic: business stoppage for several weeks, loss of customer confidence following disclosure of personal data, a fall in the share price, an increase in insurance premiums… It is therefore essential to establish safeguards: simple protective habits that are easy to understand. These best practices must be disseminated on all channels: posters, intranet, Discord, Slack… But how do you make people aware of the seriousness of potential attacks?
Simulate attacks to (re)awaken awareness
Like a "crash test" in the automotive industry, simulating a computer attack in real time can deliver a jolt and give the measure of cyber risk:
- Start a campaign by sending a fake phishing email to all employees to assess their reaction. Then publish the statistical results to all employees (e.g. 20% of employees clicked on the link in the email), explaining the impact their behavior could have had if it had not been an exercise.
- Demonstrate live hacking with phone, computer and mailbox control in front of the entire company to raise awareness of the reality of the risk.
- Remind the company of the consequences of a possible attack by distributing the audit report to all employees.
Propose concrete actions around cybersecurity
Even when informed, employees are often powerless when it comes to putting concrete measures in place to protect themselves. Management must be able to support employees by offering them actions that are easy to put into practice. Examples:
- Encrypt hard drives;
- Require VPN use for employees working from home and roaming;
- Impose a strong password policy (12 characters, upper case / lower case / number / special character) and prohibit reusing passwords between personal and professional life;
- Make two-factor authentication (MFA) compulsory;
- Protect workstations (firewall, antivirus, etc.);
- Systematically lock your session when you leave your workstation;
- Install privacy filters on screens (a darkened screen to keep out prying eyes).
With a "step by step" protocol and the right tool recommendations, these actions do not require any technical skills from employees and greatly reduce the risks for the company. Cybersecurity can thus go hand in hand with efficiency.
By Clément DAVID, CEO and Co-founder of PADOK
Company specializing in Cloud and cybersecurity
This text is published under the responsibility of its author. Its content in no way binds the editorial staff of Echos Solutions.