
Best practices for dealing with cyber attacks on SMEs

Article summary 

  • Introduction
  • GDPR, a challenge for cybersecurity 
  • The various threats
  • The pillars of safety
  • Best practices to adopt

This article is taken from the webinar "Cybersecurity: how can I protect my organization from threats?" which you can find here

Introduction

  • In 2019, 60% of all attacks and data thefts involved SMEs.
  • 93% of SMEs that lost their data for 10 days or more declared bankruptcy within a year of the disaster.
  • Computer attacks have increased since the first lockdown, due to teleworking and the use of poorly protected IT tools (personal computers, no VPN, etc.).

GDPR, a challenge for cybersecurity

GDPR compliance enables companies to have a better understanding of the data that is used, but also the storage locations and retention periods. As a result, only data essential for data processing is retained.

The GDPR also requires mandatory procedures to be put in place, in particular a data breach procedure. This procedure makes it possible to react according to the seriousness of the data breach (data leaks, disappearances, alterations):

  • Data breach register
  • Notify the supervisory authority 
  • Notify data subjects of the data breach 

Being prepared in the event of an attack is essential, as it boosts the confidence of employees and customers by demonstrating that procedures are in place. 

The threats 

There are several types of threat, which can come from different sources: computer attacks (DDoS, Cryptovirus, viruses, malware), social engineering such as phishing or espionage. 

The pillars of safety 

IT security rests on 4 pillars: 

  • Availability: data is accessible and usable by its authorized recipient at the place and time specified.
  • Integrity: data is modified only by authorized persons and according to an established procedure.
  • Confidentiality: data is accessible only to authorized personnel.
  • Traceability: keeps track of the status and movements of information. It is this last pillar that enables us to know whether the other 3 characteristics have been applied.


Best practices 

Some best practices concern employees, such as raising awareness: not replying to suspicious e-mails, and confirming important operations through a second channel (e-mail plus telephone).

This can also include the use of "strong" passwords and a policy of changing them every X days. 

The use of a separate password for each application is strongly recommended. 

Backups and BCPs (business continuity plans) must also be put in place. Network monitoring using security devices enables unexpected events to be spotted. 

Find out about other best practices in our webinar here