When SME managers are asked about their cybersecurity strategy, the answer is often surprising:
– Some say they don’t know “where to start”, so have decided to do nothing.
– Others reply that their IT service provider manages backups and that everything is fine.
An SME is not a bank.
It can’t invest millions of euros in cybersecurity services and solutions to protect itself.
But the comparison is interesting:
-
Banks
Banks have to invest in the most robust safes and the most sophisticated security systems to protect themselves from highly expert, well-trained, and well-equipped attackers.
-
SMEs
On the other hand, SMEs need to protect themselves from less expert, less well-equipped thieves. By investing in armoured doors, alarm systems, security guards, etc.
The same applies to cyberattacks: the best (and most dangerous) hackers will concentrate on the most difficult targets. Amateurs, on the other hand, will try to randomly attack a number of easier targets (your SMEs, small local authorities, etc.) using ready-to-use “hacking kits” bought for a few thousand Euros on the “Dark Web.”
So why would you invest in physical security and not cybersecurity ?
To start with, a few simple tips:
- Find a partner specialising in security for VSEs and SMEs to support you over the long term. Your traditional IT service provider may not be in the best position to criticise his own methods (it’s hard to be both judge and jury at the same time.) The prices of specialist players are often much more affordable than you might think.
- Make your employees aware of the risks associated with using the Internet and IT tools. It’s important for everyone to be aware of the importance of respecting basic security rules: don’t click on suspicious links, don’t open dubious attachments, protect your passwords, etc.
- Update your operating systems, software, and antivirus regularly. Cybercriminals often exploit known security flaws to break into computer networks. By keeping your tools up to date, you limit the risks of intrusion.
- Make sure that all your data is backed up and recoverable in the event of a disaster by carrying out regular recovery tests and documenting these procedures. This will demonstrate to your customers, suppliers, insurers, bankers, etc. that you take the threat seriously. This precaution will be very useful in the event of an attack.
- Limit access rights to data and systems according to the needs of each user. This limits the risk of data leaks or misappropriation if an account is compromised.
- Separate personal and professional use of any smartphone, PC, laptop… as far as possible.
- Train your users to use a password manager (physical, local or cloud…). All these solutions will be better than good old habits: I use the same password everywhere; I take photos of my passwords or write them down in a notebook that I keep carefully in the same bag as my computer…
With the Paris 2024 Olympic Games and the upcoming NIS2 European directive, invest in cybersecurity today. Indeed, major events like the Olympic Games require anticipation against the increase in cyberattacks, and the imminent adoption of the NIS2 European directive underlines the vital importance of this investment.
