Cybersecurity for startups and VSEs: where a strong need, weak means and an urgent context meet.
Updated: 18 hours ago
With the rapid evolution of technology, cyber threats are becoming more and more present. Companies need to protect themselves against possible attacks and deal with the various threats (intrusions, data theft, ransomware, malware, phishing, etc.), while complying with the new European regulation on the protection of personal data (GDPR(1)).
This is not easy for a small organisation, or one newly established on the market. How do you meet this strong need for IT security, in the current urgent context, when your means are weak?
Here are some tips to get you started, before you can call on a company specialised in cyber security.
The first important step is to have employees sign an Information Systems Security Policy (ISSP). You can write it yourself, or you can hire a professional to write it for you. It describes the company's general IT security measures. Often, companies only think about drawing up an ISSP after they have been victims of cyber-attacks. The right thing to do is to introduce it from the outset, so that employees immediately adopt good practices and limit the risk of attacks. Indeed, the right question to ask is not "Will my company be attacked?", but rather "When will my company be attacked?"
Can't write an ISSP, or have one written, right away?
Here are some good practices to put in place, without delay, with or without an ISSP:
Adopt a password policy.
Change all default logins on the computer system, both software and hardware (e.g. printers).
Control internet access: for example, set up VPNs (if your employees travel for work and/or telework), firewalls, antivirus, etc.
Control Wi-Fi access: do not use public hotspots with either a laptop or a professional mobile phone. Make sure that the default login and connection key are changed the first time you use them.
Secure your laptops and mobile phones (passwords, encryption of content, activation of the remote wipe option, etc.).
Make backups of important company data, remembering to update them regularly. This will limit losses in the event of a cyber-attack (e.g. ransomware). There are several ways of making backups: physically (on external disks, for example, which you can also take home every evening, so that the data is preserved in the event of theft or even fire), or via the Internet (on secure external servers).
Prohibit online backups of business data to employees' personal accounts (cloud applications). Many online storage solutions are insufficiently secured, or not secured at all.
Keep your IT equipment up to date, both software and hardware.
Regularly check the public databases of discovered threats and cybersecurity vulnerabilities (Common Vulnerabilities and Exposures).
Empower and train employees with computer security training.
Empower and inform your employees with MOOCs that address the topic of IT security. ANSSI also makes its MOOC on IT security available to companies that request it, in SCORM 2004 format. You can then personalise it before presenting it to your employees(2).
These tips can help reduce the risk of cyber-attacks, and limit their effects if they do occur. Unfortunately, these good practices alone are not enough to protect against malicious attackers. If you are not an IT security specialist, you need to seek professional help. The issue of cyber security should not be put on the back burner. The budget allocated to IT services must take security into account so that the company can protect itself from attacks.
Cybersecura offers a new online diagnostic and support service, called "CS-Access", aimed at small organisations and start-ups that do not have large budgets.