In spite of current events that are increasingly marked by vulnerabilities and cyber-attacks, computer security remains a world that is perceived as obscure and costly for many companies. However, it is possible to quickly implement a few good practices in order to protect yourself…
Net4All offers you 5 simple tips to implement today!
Encrypt your Data
This is THE danger that worries most of us on the internet: data theft!
Opt for the implementation of a security strategy that will allow you to limit risks. Today, the majority of computer equipment offers native encryption mechanisms (BitLocker, “at rest” encryption), allowing you to easily and quickly increase data security.
It is imperative to activate these basic mechanisms, starting with mobile devices (laptop, smartphone, etc.).
Your data is critical, which is why it must be useless to a thief! First of all, make sure that the chosen encryption protocol is not obsolete, as this could compromise the security of your site.
Data can also be intercepted while it is being transmitted. These so-called “Man in the Middle” attacks can be prevented by encrypting data in transit, for example with TLS, which secures HTTP traffic (HTTPS). The systematic use of secure protocols makes it possible to ensure a higher level of security in a simple way.
Keep your technology up to date
Plugins, operating systems, frameworks, all of these have experienced security flaws that require updates.
Publishers usually release their patches before hackers can get to them, which means you need to be responsive so that your system is not vulnerable.
To do so, here are some Net4all tips:
- List and map the components and technologies used by your system
- Monitor sources such as CVE
- Schedule your updates on a case-by-case basis. That way, you will ensure the security of your systems.
- Make sure you have appropriate maintenance contracts for every application in order to have access to available security patches
Certain updates can be complex, leading some companies to neglect them at their own risk and peril. In this case, it is essential to implement virtual patching.
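The inventory and monitoring steps listed above can be automated in a few lines. The following is an added example, not Net4All code: it matches a component inventory against an advisory feed and orders the resulting updates by severity. The component names, versions, scores and advisory IDs are constructed placeholders, not real CVE entries.

```python
# Added example: every component, version and advisory ID below is constructed.
from dataclasses import dataclass

def parse_version(text):
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

@dataclass
class Component:
    name: str
    version: str
    maintained: bool   # True if a maintenance contract gives access to patches

@dataclass
class Advisory:
    advisory_id: str   # placeholder ID, not a real CVE number
    component: str
    fixed_in: str      # first version that contains the fix
    severity: float    # CVSS-style base score, 0.0 to 10.0

INVENTORY = [
    Component("webserver", "2.4.9", True),
    Component("cms-plugin", "1.12.0", False),
    Component("database", "10.5.2", True),
]

ADVISORIES = [
    Advisory("EXAMPLE-0001", "webserver", "2.4.10", 9.8),
    Advisory("EXAMPLE-0002", "cms-plugin", "1.2.3", 7.5),
    Advisory("EXAMPLE-0003", "cms-plugin", "1.12.1", 5.3),
    Advisory("EXAMPLE-0004", "database", "10.5.2", 8.1),
]

def update_plan(inventory, advisories):
    """Return advisories that affect installed versions, most severe first."""
    installed = {c.name: c for c in inventory}
    plan = []
    for adv in advisories:
        comp = installed.get(adv.component)
        if comp is None:
            continue  # advisory concerns something we do not run
        if parse_version(comp.version) < parse_version(adv.fixed_in):
            action = "patch" if comp.maintained else "check contract"
            plan.append((adv.severity, adv.advisory_id, comp.name, adv.fixed_in, action))
    return sorted(plan, reverse=True)

if __name__ == "__main__":
    for severity, adv_id, name, fixed_in, action in update_plan(INVENTORY, ADVISORIES):
        print(f"{severity:>4} {adv_id} {name} -> {fixed_in} ({action})")
```

Versions are compared as integer tuples because a plain string comparison would rank 2.4.9 above 2.4.10 and 1.12.0 below 1.2.3, hiding one affected component and falsely flagging another.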
Configure your systems carefully
System configuration is also essential to the protection of your data!
Nowadays, hackers have an excellent knowledge of system configurations, so when you install a new program, you are taking a big risk by choosing the default configuration.
In order to respect good practices, it is essential to check everything: Internet servers, applications, databases, files…
- Delete accounts or change passwords for default accounts
- Don’t give clues. Write an error message with as little information as possible because hackers are always on the lookout.
- Restrict functionality and access to files to what is strictly necessary. This is the “least privilege” principle.
- Filter administrative access so that it is authorised only from verified sources (IP filtering, VPN, etc.).
Beware of third-party data
Although this may seem obvious, the amount of data theft using this technique is still very high.
So, whether it is an email or a USB key (especially if you are not the owner), the strictest caution must be observed!
Some “malicious” USB keys can pretend to be a device (often a keyboard) connected to your PC and launch commands without any interaction on your part. This happens automatically, as soon as they are connected to the computer, without you noticing it immediately…
Regarding emails, avoid opening any attachments of unknown origin. We advise you to open them in a dedicated environment, such as an isolated virtual machine.
Being vigilant is not enough to protect your systems because unfortunately, they are never 100% secure. You have to accept the possibility of an attack and know how to be reactive!
A cyber defence strategy must therefore be put in place: one of the main elements is setting up alerts for any suspicious activity. Having a pre-established process will allow you to be more effective in stopping a hacker before they reach their target…
The best way to prepare is to carry out an intrusion test to estimate the damage that can be done by a hacker and to identify the actions to be taken to anticipate this risk. It is also important to train your teams on cyber-crisis through exercises that simulate a computer attack, allowing you to acquire the reflexes necessary to deal with this type of event.