Best practices for dealing with cyberattacks targeting SMEs
Summary of the article
- Introduction
- GDPR, a challenge for cybersecurity
- The different threats
- The pillars of security
- Good practices to adopt
This article is taken from the webinar "Cybersecurity: how do I protect my organization from threats?", which you can find here
Introduction
- In 2019, 0% of attacks and data theft concerned an SME.
- 93% of SMEs that lost their data for 10 days or more declared bankruptcy within the year of the disaster.
- The number of computer attacks has increased since the first lockdown, because of teleworking and the use of poorly protected IT tools (personal computers, not using a VPN, ...).
GDPR, a challenge for cybersecurity
GDPR compliance gives companies better knowledge of the data they use, where it is stored and how long it is retained. As a result, only the data essential to the processing is kept.
The GDPR also requires mandatory procedures to be implemented, in particular a data breach procedure. This procedure lets you react according to the seriousness of the breach (leaks, disappearance or alteration of data):
- Maintain a record of data breaches
- Notify the supervisory authority
- Warn the individuals affected by the breach
Being prepared for an attack is essential: it builds the trust of employees and customers by demonstrating that procedures are in place.
Threats
Threats come in several types and from different sources: computer attacks (DDoS, cryptoviruses, viruses, malware) and social engineering such as phishing or espionage.
The pillars of security
IT security is based on 4 pillars:
- Availability: the data is accessible and usable by its authorized recipient at the place and time provided.
- Integrity: data is modified only by authorized persons and according to an established procedure.
- Confidentiality: The data is accessible only to authorized persons.
- Traceability: keeps a record of the state and movements of information. This last pillar is what makes it possible to check that the other three properties have actually been upheld.
Good practices
Some good practices concern employees, such as awareness raising: not responding to suspicious emails and carrying out double checks for important operations (email plus telephone).
They can also include the use of so-called "strong" passwords and a policy of changing them every X days.
Using a separate password for each application is strongly recommended.
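The three password practices above (strong passwords, rotation every X days, one password per application) can be turned into an automated check. The following is an added example, not code from the webinar or its authors; the minimum length, the number of character classes, the 90-day rotation period and the PBKDF2 fingerprinting used for the reuse check are all assumptions chosen for illustration.

```python
"""Password-policy check covering the three practices described above:
"strong" passwords, rotation every X days, and no reuse across applications.
Added example; the concrete thresholds are assumptions, not figures from the webinar."""
import hashlib
import hmac
import os
from datetime import date, timedelta

MIN_LENGTH = 12          # assumed minimum length for a "strong" password
MIN_CLASSES = 3          # assumed: at least 3 of lower/upper/digit/symbol
MAX_AGE_DAYS = 90        # the "X" of "change every X days"; assumed value
_SALT = os.urandom(16)   # constructed per-run salt for the reuse check


def fingerprint(password: str) -> bytes:
    """Salted PBKDF2 digest used to compare passwords across applications
    without keeping any plaintext around."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), _SALT, 100_000)


def is_strong(password: str) -> bool:
    """Length plus character-class diversity (assumed policy)."""
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    return len(password) >= MIN_LENGTH and sum(classes) >= MIN_CLASSES


def is_expired(last_changed: date, today: date) -> bool:
    """True once the password is older than the rotation period."""
    return today - last_changed > timedelta(days=MAX_AGE_DAYS)


def is_reused(password: str, other_fingerprints) -> bool:
    """True if the same password is already used for another application.
    other_fingerprints holds fingerprint() values of the user's other passwords."""
    fp = fingerprint(password)
    return any(hmac.compare_digest(fp, other) for other in other_fingerprints)


def check_password(password, last_changed, other_fingerprints=(), today=None):
    """Return the list of policy violations (an empty list means compliant)."""
    today = today or date.today()
    problems = []
    if not is_strong(password):
        problems.append("weak")
    if is_expired(last_changed, today):
        problems.append("expired")
    if is_reused(password, other_fingerprints):
        problems.append("reused")
    return problems


if __name__ == "__main__":
    crm_fp = fingerprint("Spring-Meadow-2024!")      # constructed sample
    print(check_password("Spring-Meadow-2024!", date(2024, 1, 10),
                         other_fingerprints=[crm_fp], today=date(2024, 6, 1)))
```

The reuse check deliberately compares salted digests rather than plaintexts, so the tool never needs to hold the other applications' passwords, and `hmac.compare_digest` keeps the comparison constant-time.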
Backups and business continuity plans (BCPs) must also be put in place. Network monitoring using security devices makes it possible to identify unexpected events.
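To show what "identifying unexpected events" through monitoring looks like in practice, here is an added example (not code from the webinar) that runs two simple detections over constructed authentication log lines: a burst of failed logins from one source, a successful login from a source already flagged for such a burst, and successful logins outside expected hours. The syslog-like line format, the sample addresses and user names, the 5-failures-in-2-minutes threshold and the 07:00-20:00 business window are all assumptions.

```python
"""Detection over constructed auth-log lines: flags sources producing a burst
of failed logins and successful logins outside expected hours.
Added example; the log format, thresholds and business hours are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a syslog-like shape (not real data).
SAMPLE_LOG = """\
2024-03-04T08:01:10 sshd: Accepted password for alice from 10.0.0.5
2024-03-04T08:02:14 sshd: Failed password for bob from 203.0.113.9
2024-03-04T08:02:15 sshd: Failed password for bob from 203.0.113.9
2024-03-04T08:02:17 sshd: Failed password for bob from 203.0.113.9
2024-03-04T08:02:20 sshd: Failed password for root from 203.0.113.9
2024-03-04T08:02:25 sshd: Failed password for admin from 203.0.113.9
2024-03-04T08:02:40 sshd: Failed password for bob from 203.0.113.9
2024-03-04T08:03:02 sshd: Accepted password for bob from 203.0.113.9
2024-03-04T09:15:00 sshd: Failed password for carol from 198.51.100.7
2024-03-04T09:40:00 sshd: Failed password for carol from 198.51.100.7
2024-03-05T02:30:00 sshd: Accepted password for alice from 10.0.0.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Accepted|Failed) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_log(text: str) -> list:
    """Turn matching lines into event dicts; non-matching lines are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]),
                           "result": m["result"], "user": m["user"], "src": m["src"]})
    return events


def find_failed_login_bursts(events, threshold=5, window=timedelta(minutes=2)) -> dict:
    """Map source -> largest number of failures seen in any sliding window."""
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "Failed":
            failures[e["src"]].append(e["ts"])
    flagged = {}
    for src, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # drop failures older than the window
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[src] = max(flagged.get(src, 0), count)
    return flagged


def find_success_after_burst(events, bursts) -> list:
    """Successful logins from a source already flagged for a failure burst."""
    return [(e["user"], e["src"]) for e in events
            if e["result"] == "Accepted" and e["src"] in bursts]


def find_off_hours_logins(events, start_hour=7, end_hour=20) -> list:
    """Successful logins outside the expected time window (assumed 07:00-20:00)."""
    return [(e["user"], e["src"], e["ts"].isoformat()) for e in events
            if e["result"] == "Accepted" and not (start_hour <= e["ts"].hour < end_hour)]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    bursts = find_failed_login_bursts(evs)
    print("bursts:", bursts)
    print("success after burst:", find_success_after_burst(evs, bursts))
    print("off-hours logins:", find_off_hours_logins(evs))
```

The two carol failures are spread 25 minutes apart and never reach the threshold, so they stay unflagged; the point of the sliding window is to separate a genuine burst from ordinary typos, which is what keeps such alerts actionable for a small team.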
Find other best practices on our webinar here