ANSSI recommendations for SMEs: safety rules against cybercrime
Wed, 14 May 2014 08:44:00 +0200
For an SME, detecting a security incident such as an intrusion into an information system (IS) can be very complex. That, at any rate, is the observation made by the National Agency for Information Security Systems (ANSSI). Yet, according to the agency, 80% of risks may be avoided with simple measures. It has published a "user guide" on its site in the form of around forty "health and safety rules" concerning the security of messages, workstations, printers, etc.
There are no reliable figures to measure the cybercrime suffered by SMEs. They may not be able to detect an attack, or may decline to file a complaint so as to avoid bad press. However, the ANSSI describes cybercrime as taking multiple forms: targeted or opportunistic attacks with a view to collecting data of all types in order to sell it to other parties, and attacks in the form of a telephone call in which the cybercriminal passes himself off as a trusted body and asks the victim to download a software program... which will allow him to take control of the computer.
According to a recent PwC study, cybercrime is the 2nd most common fraud observed in France. Managers have classified it as the type of fraud they fear most in the coming two years. A first simple but useful rule to reiterate would be to always use passwords that are robust (70% of these are reliable) and varied, so as to avoid disasters caused solely by negligence.