
11 tips to protect your business against cyber attacks

For the past few weeks, hospitals, such as those in Dax or Villefranche-sur-Saône, have been presented as the preferred targets of cybercriminals in search of ransom. But these organizations are unfortunately not the only ones suffering from a massive increase in attacks on their computer systems. Companies have also seen an explosion in hacking attempts against them. These have reportedly even been multiplied by four, according to Guillaume Poupard, Managing Director of Anssi, the public agency responsible for IT security in France.

Here is a series of tips to strengthen the computer security of your business.

Guard against an attack

Take inventory of devices connected to your network

It may seem basic, but it is essential to know precisely which machines are present on your company’s information system. “This overview makes it possible to control the connection surface, the exposure, to facilitate the monitoring of security and therefore to better protect oneself,” summarizes Thomas Roccia, cybersecurity researcher at McAfee. “It is a classic measure but absolutely essential,” confirms Antoine Baranger, risk management advisor at RSM.

Update your machines and antivirus systems

An inventory of the computers on the network is good; keeping them up to date is better. “Failure to update generates vulnerabilities which can then be exploited by cyber attackers,” continues Antoine Baranger. And this step does not only concern computers, but also antivirus software: “It is not enough to install the tool for it to be functional over time. If not updated, the antivirus will not detect all new viruses that have been born in the meantime,” he specifies.

Raise awareness among employees

“The first bulwark against a cyber incident is people,” insists Antoine Baranger, who defends the importance of raising employee awareness. “We can put all the tools we want in place, if employees are not trained in the vigilance to adopt in the face of suspicious emails, in securing their passwords, in attention to the information they expose on social networks or the importance of double identification for example, it will be futile,” stresses Thomas Roccia.

Make regular and functional backups

Once the company is under attack, it is unfortunately too late to verify that all backups have been made and that they worked. Hence the importance of regularly checking, in advance, all the procedures for responding to a potential attack. “Doing these checks has a cost and does not bring in any money, which is why companies often save on them, but it is a mistake,” explains the manager at RSM. “Technical issues can hinder backups and it is important to test them to anticipate the quality of data recovery in the event of an attack.”

“Ransomware, increasingly common attacks that sequester data for ransom, will be less serious for a company that knows its backup system is working and well in place,” adds the cybersecurity researcher at McAfee. “Being up to date on the subject makes it possible to be less sensitive to blackmail and the demand for ransom from hackers who have infiltrated a company’s information systems.”

Get support from experts

Companies must identify experts who can help them analyze their level of security and the potential incidents of which they may be victims, and who can support them in restoring hacked data. “The Anssi provides a directory of all the companies that can intervene on these issues,” specifies Antoine Baranger.

“Setting up security monitoring requires technology, but also human resources,” stresses Thomas Roccia. “These experts are the eyes and ears of the information system, who are the only ones able to analyze data, investigate, understand and alert on potential business flaws.”

For SMEs and midcaps, which do not necessarily have the budget or the need for a full-time expert, several solutions exist. “Either the company decides to upgrade the skills of its IT manager on cybersecurity issues, or it occasionally calls on outside experts, every 6 months for example, to carry out reviews and audits, but also awareness campaigns,” explains Antoine Baranger.

Be extra vigilant in the context of teleworking

Teleworking increases the company’s attack surface and creates opportunities for cybercriminals. “In this context, it is essential to make employees aware of the risks,” warns Antoine Baranger. “Certain good practices make it possible to limit the risk: for example, employees must be prohibited from making personal use of their work computer. This notably involves the use of their personal email address or the various social networks they use.”

In case of attack

Disconnect the machines

“If, for example, a collaborator opens an attachment in an email with a cryptolocker (Trojan horse type malware, with the aim of taking personal data hostage, Editor’s note) you must disconnect the computer from the network immediately,” explains Antoine Baranger. “This is the only solution to prevent the bleeding and the spread of the virus, which can be devastating for the affected business,” Thomas Roccia continues.

Keep calm and communicate

If an employee is a victim, and therefore the gateway for malware into the company’s network, it is important not to panic, and not to try to hide the problem or manage it alone, because time is a key factor in managing these attacks. “You must immediately notify your company’s IT teams so that they can take control remotely and react quickly,” insists the researcher at McAfee. “Then, do not forget both to warn customers, in particular of the impact of this cyberattack on potential delays or security breaches, and to report a security incident to regulatory bodies such as the CNIL, for endangering personal data,” adds Antoine Baranger.

Do not pay ransom

It’s easy to say, but both cybersecurity experts say it: paying the ransom is not the solution. Firstly, “it fuels cybercrime,” warns Thomas Roccia. Moreover, paying does not mean being out of the woods. “Paying the ransom does not ensure that the cryptolocker (malicious software, Editor’s note) is actually removed by hackers, who are sometimes without faith or law,” specifies Antoine Baranger.

To try to convince companies not to succumb to blackmail and to fight ransomware, the “No More Ransom” project, developed by McAfee in partnership with Europol and various European countries, provides all Internet users, free of charge, with a site that allows victims of computer attacks to decrypt their data. Led by a group of cybersecurity researchers, of which Thomas Roccia is a member, the initiative publishes all the solutions found by these experts to break the encryption of the various attacks they have found. While they do not have all the solutions, some intrusions can be bypassed using this tool.

Go back to old-fashioned operation

Nothing is more reliable than paper and a pen. “During a cyber attack, all of a company’s activity is brought to a halt, preventing all teams from using their IT tools and messaging,” explains Antoine Baranger. “No miracle recipe against this, the best is to anticipate this risk, to think upstream how we could manage a very degraded and minimal functioning of the company by returning to paper and telephone exchanges only, without stopping everything, for the duration of the incident resolution.”

Change all passwords

Once the attack has passed, the company remains more vulnerable. We must therefore be very vigilant in restoring the entire information system to ensure its security. “All previously hacked machines must be restored by experts and all passwords need to be changed by each of the company’s employees,” concludes Antoine Baranger. If this is not done, the cybercriminal who broke into the company’s network with the usernames and passwords of one of the employees can come back at any time and start the same pattern again, since he still has the right key to enter. Forewarned is forearmed.
