The Must-Follow Rules for Flawless IT Security Setups

It is the responsibility of a business owner to ensure the security of the company's digital assets, since the owner's civil or criminal liability may be engaged in the event of a proven breach.
(see the legislative texts on the subject at the end of the article)

The main vectors of cyber-attacks in VSEs and SMEs.

VSEs and SMEs are less equipped with security systems and are therefore much more likely to be hacked.

Insecure data storage and poor access and password management.

Dangerous practices of employees due to ignorance of risks.

Mobility and the proliferation of devices connected to the corporate network.

Emails, the main method of distributing malware and ransomware and the preferred method for financial scams or password theft.

Here are the essential rules to secure your professional IT environment.

1 – Establish a security policy

Summarize the security rules of the company's information system in a written document accessible to all:

  • Phone, web and email security best practices
  • Rules for downloading and/or installing new software
  • How to choose your passwords, etc.
  • The vulnerabilities of the computer system

2 – Make staff aware of the risks involved 

We can never say it enough: we must talk to employees, partners, customers, suppliers, etc. Employee awareness of the risks of cybercrime is essential! The financial consequences of a cyber attack can be catastrophic for a company, and the company's primary weapon is the education of its employees.

3 – Back up your computer data

A company's digital assets are the foundation of its activity. The company's critical data must be centralized and backed up daily, both on a local server (for more control) and remotely in case of physical disasters (theft, fire, bad weather). A simpler option is also available: a box located within the company and fully secured against physical risks.

4 – Secure the corporate network 

Cyber attacks (ransomware, malware, phishing and other viruses) are external attacks that must be blocked with a firewall and a proxy that protect web connections. A company's cybersecurity also depends on protecting the local network, Wi-Fi access, email and any remote access.

5 – Protect mobile devices   

  • Laptops / tablets: with up-to-date, new-generation anti-malware
  • Smartphones: antivirus and anti-malware products now exist for mobile devices. Also remember to enable the automatic lock to prevent fraudulent use in the event of loss or theft.

6 – Protect personal data 

The new European Regulation for the Protection of Personal Data (GDPR) requires the implementation of a privacy policy. It is therefore necessary to include a confidentiality clause in IT outsourcing contracts with IT providers and Cloud providers (especially since the vote on the Cloud Act).

7 – Manage sensitive data

The confidential files of a company must at least be:

  1. Encrypted when saved (encryption of data considered sensitive under the law is mandatory)
  2. Accessible only to authorized persons (login with personal authentication).

8 – Secure the premises  

The premises of a company remain its nerve center. Physical access to offices and computer servers must absolutely be secured: closed and controlled access with digital codes and name badges for authorized persons.

9 – Do security tests

Like evacuation drills, tests to restore data (files, system images, servers and operating systems) are necessary to prepare for the next cyberattacks.

10 – Ensure business continuity in the event of a cyber attack

If, despite all these measures, the company is the victim of a cyber attack, it is possible to resume its activity in the dark and without paying a ransom. The solution? Anticipation! Setting up a Business Recovery Plan using specialized backup software allows you to restore all lost or encrypted data in a few hours!

Have you validated all the points on this checklist? Your business is then protected against incidents.

 You have not validated all these points?

By anup