CLIENT TESTIMONIAL

1- Could you briefly introduce yourself: your company, your position and your responsibilities?

​

"Hello, I'm Céline Fages, Director of Présantis (previously Alpes Santé Travail) in Grenoble. Présantis is an inter-company occupational health and prevention service. We're based in the Isère region, we look after around 60,000 employees and we have around 5,000 member companies."

 

 

​

2- For what type of need did you call on CyberSecura? What was the trigger?

​

"I came to know CyberSecura through another occupational health and safety service, which also works with you.

 

In March 2023, we were the victims of a cyber attack. And in order to manage the event properly, we needed to be able to go back in time to understand exactly what happened. 

​

We needed to know who had done what, when, what could have been handled differently, and what we had done right or wrong. We also needed to be able to provide information to the Alpes Santé Travail board of directors, and to be able to communicate with our member companies. That's why we decided to call in an external service provider, so that we could pick up the thread of events and get an outside perspective on the whole thing."

 

 

​

3- Why did you choose to entrust these missions to CyberSecura rather than to someone else?

​

"First of all, because you were recommended to us by someone I knew. We had feedback, a sort of 'external guarantee'. Then there was also the fact that you are based in the Grenoble area. Generally speaking, I'm keen to work locally whenever possible. 

​

I think these two factors helped to give me confidence."

 

 

​

4- Did you have any fears before setting up the project?

​

"No, I had no particular fears - on the contrary. We really wanted to bring in an outside perspective and gain additional insight into what had happened to us. So no, we had no particular fears, we had confidence."

 

 

​

5- In your opinion, what are the challenges facing your business today?

​

"I don't know if this is a challenge specific to our field of activity, but I do think that there is a major challenge today, one that concerns information technology in general, security and cyber security. We know that cyber-attacks are on the increase, we have been victims of them, but it's not out of the question that we could fall victim again, and it's a subject that we have little or no expertise in.

​

In my opinion, there is also the whole issue of artificial intelligence, which raises a lot of questions, because we now feel that there is a kind of 'superior intelligence', and attacks are becoming increasingly sophisticated and harder to spot. I sincerely believe that we can very quickly be overwhelmed by this whole area, not least because we are not trained (and even when we are trained and aware, we can very easily be fooled). The physical theft of data, burglaries, assaults, etc. are obviously one thing, but I think we also have a lot to fear from the digital route.

​

So it's really important that we do everything we can to protect ourselves in this respect.

 

As far as we are concerned, we are obviously dealing with sensitive data, since it concerns health data (occupational health). However, it is up to us to show our member companies that we are well aware of the issues at stake and that we take particular care with the data entrusted to us."

 

 

​

6- How would you describe the work carried out by CyberSecura and its team, in just a few words?

 

"I would say very professional, fast, efficient and comprehensive."

 

 

​

7- What are the results of this collaboration?

 

"I would say efficiency and frustration.

​

In fact, there is a slightly frustrating aspect because this intervention is only temporary. On the other hand, the intervention was quick and efficient, which was obviously much appreciated. 

​

Personally, the service gave me peace of mind, and I think it gave our Board of Directors peace of mind too. This enabled us to put an end to the cyber-attack we suffered.

​

We did everything in our power to warn and inform, both internally and externally, to reassure everyone. We even drew up an action plan prioritising the actions to be taken to complement the work carried out by CyberSecura and to go even further in addressing these cybersecurity issues.

​

In my opinion, there was a real completeness in the work that was done, which is very much to be appreciated."

 

 

​

8- What did you appreciate the most in the solution provided by CyberSecura?

 

"I think I really appreciated how demanding and serious David and then Saghar were. I also really appreciated the fact that we had regular, close contact. Once again, everything was concise, fast and efficient, and this enabled us to follow what was happening almost in real time: where are we with the intervention? What remains to be done?

We had real follow-up from one project to the next. So there was a very methodological approach that we found very enjoyable!"

​

​

​

9- What advice would you give to companies facing the same problem / having the same project as you? 

 

"In the end, I tend to think that this is a subject that should not be underestimated. Today, when I discuss it with other directors of occupational health departments, I realise that it's not their priority at all. 

 

Sometimes, the departments are big enough to have identified someone internally or externally to deal with this issue. However, there are also many other, smaller departments that are not necessarily aware of all the issues. We often say to ourselves, "We'll deal with that later! You have a computer to work on, you're connected to a printer, and that creates cybersecurity or GDPR compliance issues that you don't think about.

​

We completely underestimate these issues, even though we know they exist and that there are regulatory obligations. We find it too onerous, and we tell ourselves that the risk is surely not there right away.

So, despite all the obligations to which employers are subject, I think it's very important not to underestimate this risk. I also believe that it's a question of a company's reputation and its responsibility to its customers to be able to ensure that the service is provided correctly and takes account of these new issues. I think there are some issues that really need to be brought to the forefront, and even if it's not our core business, we have to tackle them head on. 

​

In that case, either we have the resources in-house and we can manage, or we don't, and in that case we have to call on people whose job it is. Because that's what I was saying earlier: you need a real level of knowledge and expertise in this area.

So the basics may not be enough, and it's important to be able to quickly build up expertise in these areas."

 

 

​

10- Would you recommend CyberSecura to others? Yes / No, for what reason(s)?

​

"Of course it was! It's been a really happy experience. So yes, I can't recommend CyberSecura enough, in fact I've already done so on several occasions. 

 

I would recommend you and for all the reasons we've covered so far. In my opinion, the service was really effective, and I saw a great deal of seriousness and professionalism throughout.

 

Today, we have taken the step of having a Director of Information Systems (DSI) who is there in transition. And we know that all the documents produced by CyberSecura will be a great help to him

 

CyberSecura's work is high-quality, thorough and comprehensive, and we can rely on it. So yes, of course, I recommend it!"