Remember the LinkedIn cyberattack in 2012? The world’s leading recruitment platform was robbed of personal data linked to 167,000 users – a gold mine that wasn’t difficult to monetize. LinkedIn and big groups in general are choice targets for cyberattackers. But they’re not the only ones at risk – far from it!
Now hackers are setting their sights on SMEs. According to a 2016 study by insurance company AXA, only 5% of SMEs are truly prepared to prevent a risk of this kind, whereas hacker attacks in France have risen by 51% since 2015, according to PwC. Here’s a non-exhaustive but practical list of the cybersecurity best practices you should adopt.
The cost of a cyberattack in figures
“Prevention is better than cure.” This old saying has never been as true as it is in today’s fully-digital age. Protecting yourself against cyberattacks might seem like a long, complex and expensive process, but you’d be crazy not to.
The average cost of a minor intrusion into your system stands at €115,000 and requires 7 hours of work to try to limit the damage. What’s more, a poorly protected IT system is exposed to an average of 3 attacks per month, meaning €4 million is lost every year on fixing the damage caused. Even more worryingly, a study by NTT Com Security shows that a major attack costs €773,000 and that businesses require 9 weeks to recover before returning to normal.
That’s why it’s important to take simple measures to reduce the risk of falling victim to hacking attacks, most of which result from a lack of vigilance among employees.
Your guide to a secure IT system: a daily struggle
Encourage employees to take responsibility
According to an OpinionWay study carried out for Cesin, a French organization of IT security experts, employees are the biggest security hole in businesses’ IT systems. In the same study, 48% of business leaders interviewed said they had doubts about whether basic cybersecurity rules were being applied within their organizations. But although cyberattacks have catastrophic impacts, they can sometimes be very easy to avoid.
Know how to recognize a phishing attempt
Phishing is a common technique used by hackers, and although it isn’t the most complicated method of intrusion, it can cause havoc. The hacker sends you an email that looks familiar, claiming to be from a trusted contact (suppliers, sub-contractors, banks, etc.) who you’re used to interacting with via email. Generally, the email asks you to click on a link to update an account or provide personal details. You send the information, and that’s all there is to it. Don’t think you’d be taken in? Well, phishing is still the most common method hackers use.
So the question is: how can you recognize a phishing attempt? Firstly, the URL displayed in the email won’t match its target. Secondly, the link in the email won’t begin with ‘HTTPS://’. Finally, you’ll be asked to provide personal information (logins, passwords, etc.), which you should never do.
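The three signs above can also be checked automatically, for example by a mail-filtering script that an IT department runs over reported messages. The Python sketch below is an added example, not part of the original article; the names `phishing_indicators` and `LinkCollector`, the keyword list and the sample message are all assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Credential wording and URL-looking link text (both constructed, assumptions).
CREDENTIAL_WORDS = re.compile(r"\b(password|login|username|pin|card number)\b", re.I)
URL_LIKE = re.compile(r"^(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})(?:[/:?#]\S*)?$", re.I)
# Constructed sample message; example.com and example.net are reserved names.
SAMPLE = ('<p>Please confirm your password within 24 hours.</p>'
          '<a href="http://login.example.net/update">https://www.example.com/account</a>')

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs and the plain text of an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._label = [], [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None

def phishing_indicators(html_body):
    """Return the sorted names of the signs found in an HTML email body."""
    parser = LinkCollector()
    parser.feed(html_body)
    found = set()
    for href, label in parser.links:
        target, shown = urlparse(href), URL_LIKE.match(label)
        # Sign 1: the URL displayed in the email differs from the real target host.
        if shown and shown.group(1).lower() != (target.hostname or "").lower():
            found.add("displayed-url-mismatch")
        # Sign 2: the link does not begin with https://
        if target.scheme.lower() != "https":
            found.add("not-https")
    # Sign 3: the message asks for logins, passwords and similar details.
    if CREDENTIAL_WORDS.search(" ".join(parser.text)):
        found.add("asks-for-credentials")
    return sorted(found)
```

Calling `phishing_indicators(SAMPLE)` reports all three signs for the constructed message. These checks are heuristics: a message that triggers none of them can still be phishing, since fraudulent pages can also be served over HTTPS.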
How should you react when faced with this type of intrusion attempt?
- Don’t reply to the email
- Don’t click on the link provided
- And above all, report it as spam or a phishing attempt to your IT department
Monitor access to your smart devices
Your smartphones and tablets are the perfect way to access your company’s IT system. These devices don’t require regular compulsory updates and allow intrusive apps to be downloaded (with the ability to access data that isn’t necessary for their use), especially as there are over 10 million different apps. And all of this weakens the business’s IT security system. Build good habits – make sure you regularly update all software and devices you use and don’t download software from alternative app stores.
Limit points of entry
With the arrival of the Cloud and Google Drive as well as free access to public Wi-Fi networks, storing and accessing all your data anywhere and any time makes your IT system more vulnerable. To keep your business information away from prying eyes, make sure you do the following:
- Remove automatic password manager tools such as Dashlane and KeePass to prevent any public network from gaining automatic access
- Use public Wi-Fi for general Web browsing only
- Make backups onto external hard drives rather than using the Cloud or Google Drive
- Use anti-virus software and keep it up to date
Change your passwords regularly
This won’t be enough to protect your information by itself, but it’s still an essential stage. A few simple and easy-to-implement measures can save you from experiencing major issues. The French National Cybersecurity Agency has issued the following recommendations:
- Regularly renew your passwords
- Create a password with a minimum of 12 characters, including numbers, letters and special characters such as $ or %
- Don’t use the same password more than once
- Don’t automatically save passwords
A lack of vigilance can quickly result in disastrous consequences – on a financial level, of course, but also for your company’s business activities and its image. So it’s vital that people become aware and take appropriate action.
In today’s world, IT security is an Achilles’ heel for many companies, so it’s essential to get everyone involved in the fight against cyber-crime. There might still be a long way to go to achieve optimum security, but you’ll get there if you put the right security measures in place.