CLIENT
TESTIMONIAL

1- Could you briefly introduce yourself: your company, your position, your responsibilities?

 

"I am Denis Chincholle, who has been in charge of the information systems of the town of Vif, a municipal public institution, for 13 years. The commune has 8,400 inhabitants, and we manage the data of about 200 users."

 

​​

​​​

2- For what type of need did you call upon CyberSecura? What was the trigger?

 

"We suffered a crypto-locker attack on one of the community's workstations (a server was also affected). As we process a lot of personal data, we called on CyberSecura to carry out an audit of our information system. 

Following this audit, the local authority decided to be accompanied for 3 years by the CyberSecura team in order to reinforce our digital security."

​

​​​

​​

3- Why did you choose to entrust these missions to CyberSecura rather than to someone else?

 

"This choice was essentially based on proximity: geographical proximity, but also human proximity.

Grenoble and Vif are two neighbouring towns, so it was easier for us to contract with CyberSecura. 

But we also liked the "small structure" aspect and this human proximity: we don't have the feeling of being just a number at CyberSecura, as it can be the case in much larger structures.

It is finally these aspects that pushed us to choose CyberSecura for this support.

 

As we are satisfied with the work done, we would like to extend our initial three-year commitment for another three years. This decision will therefore be discussed at the end of 2021."

​

​

​​​

4- Did you have any fears before the project was set up?

 

"We did not have any particular concerns about signing a contract with CyberSecura. 

However, some doubts were expressed internally, concerning the conclusions of the audit. Indeed, before the audit, we were already aware of certain weak points and we had anticipated that several changes and adaptations would be necessary. 

What we feared most were the human and financial consequences of the audit rather than the audit itself."

​

​​​

​​

5- What are the challenges in your business today?

 

"The main challenge, for many local authorities and even companies, is the management of change in organisational methods. 

It is essential to integrate safety into the management of operations from the very beginning of a project so that it becomes as natural as possible. 

It is often accepted in common practice that during a physical meeting between two people, exchanges must be completely confidential. On the other hand, we tend to forget that when we are working, it should also be confidential. 

Good infrastructure is essential, but above all, good practice. Users must know how to use the infrastructure provided by the community in a correct way, and in accordance with the procedures in place.

 

This is the most challenging element in my opinion."

​​​

​​

​​

6- How would you describe the work of CyberSecura, its team, in just a few words?

 

"I would say support, caring, and expertise." 

​

​

​​​

7- What are the results of this collaboration?

 

"We have not been attacked again by one or more crypto-lockers, but we are well aware that no security is perfect and it is likely that one day we will discover a new flaw that poses a serious risk to users' data. 

What is important is that all employees are aware of this risk, that they realise that the community is managing personal data that does not belong to it and that they realise the importance of confidentiality.

 

As far as the results of this collaboration are concerned, many points have been improved in terms of network security. We are now convinced that the data processed is more secure than before CyberSecura's intervention two years ago. 

This is why we want to continue this cooperation, because cyber security is a long-term task that takes a lot of time."

​

​​​

​

8- What did you like most about the CyberSecura solution?

 

"It is essentially the customization of the response that we appreciated.

CyberSecura understood that as a local authority we have specific problems and that the means had to be adapted to our budgets, our organisation and our ways of working (although these must evolve). 

 

We particularly appreciated the fact that we were talking to people who were able to adapt. The CyberSecura team did not talk to us about high-level cryptography, although they were capable of doing so, as they immediately understood that this was not what we needed. We really felt like we were talking as equals, which is very interesting and we feel like we were understood and heard."

​

​​​

​

9- What advice would you give to organisations facing the same challenge as you?

 

"I would give three pieces of advice: raise awareness among employees, set up an operational and efficient technical base and integrate security into new projects. 

 

Employee awareness is a key point. It is essential to put in place an effective training plan, adapted to the different functions and sectors of activity, but also to the needs of the personnel. 

It is necessary to know where we are starting from: the audit of the initial information system is really crucial and should enable macro-objectives to be set (in six months' time having achieved such and such an objective, in one year's time having achieved such and such an objective, etc.). 

 

It is important to integrate cybersecurity aspects into new projects, when purchasing new software, for example. This can sometimes be a problem because we are an IT support service. We therefore work for other departments, which are mainly concerned with production. 

For example, the technical services want to produce construction and renovation projects; the town planning department needs to process files, so cybersecurity is not their main problem. 

However, when a new process is integrated, it must be done in a "cybersecurity compatible" way, and this is an obligation that can be restrictive. However, it is an essential step, and prevention is better than cure. A project that has integrated cybersecurity from the start will be much easier to secure during the operational phase." 

​​

​

10- Would you recommend CyberSecura to others? For what reason(s)?

 

"Yes, and I have already done so. I have been contacted by other communities who have asked me who I was working with on this topic. They were very interested in CyberSecura's approach and some of them intend to contact CyberSecura for auditing or support services in cybersecurity. I will gladly continue to recommend CyberSecura to others."