In 2020, cyber attacks increased fourfold. Here's how to secure your workstations.
Businesses exposed to multiple risks
Workstations are the primary source of security breaches. Weak passwords, out-of-date systems, insecure protocols, use of Shadow IT... The vulnerabilities are numerous and likely to increase the risks of phishing, ransomware, spyware, data theft, etc. When you know that a new virus is launched every 15 seconds, you can understand the importance of protecting workstations!
The CNIL (French Data Protection Commission) thus proposes 12 essential rules to ensure the security of information systems. Here are some of them:
- Choose passwords carefully (they should not be too simple);
- Secure the company's WiFi access;
- Update software on a regular basis;
- Download programs from the publishers' official websites;
- Separate personal and professional uses.
💡 Of course, these basic rules are not intended to eliminate all risks. They do, however, provide a solid foundation, while encouraging those involved in the business to exercise the utmost caution in their daily use.
Who manages the company's IT security policy?
In order to make IT security a priority, it is important to clearly define the roles of each of the parties involved. The IT department must be the protagonist and the main contact for information systems security, which ensures smoother communication between the various departments and a faster and more appropriate response in the event of a problem.
Furthermore, it seems essential to fight against Shadow IT by carefully selecting the software that is installed on the users' workstations. This is an excellent way of controlling possible sources of bugs, while at the same time ensuring better traceability of processes. In this respect, it is important to choose tools that are compatible with each other to reduce maintenance and development needs.
Finally, it is important to capitalize on the tools purchased by the company. For example, if you want to create an intranet, you may want to install the Mozzaik365 extension for Microsoft 365, rather than buying an entirely separate intranet software package. The key, again, is to increase control over the different tools.
How to secure workstations with Microsoft?
To strengthen your company's security with Microsoft, it is important to follow these tips:
- Provide the hardware and have the IT department perform the configuration;
- Install a VPN to secure the company network;
- Use dedicated administrator accounts;
- Select the "Reject automatic forwarding emails to external domains" option to prevent an attacker who has gained access to a user's mailbox from exfiltrating email;
- Create one or more mail flow rules to block the file extensions most commonly used for ransomware;
- Set up targeted anti-phishing protection;
- Implement two-factor authentication (users must complete two validation steps to log into their account);
- Provide a cloud-based backup solution;
- Train users on IT risks and make them aware of good practice.
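The two mail flow tips above can be scripted in Exchange Online PowerShell. The script below is an added example, not part of the original article: the rule names, the admin account and the extension list are assumptions to adapt to your tenant.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and an
# Exchange administrator role. All names and values below are placeholders.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'  # dedicated admin account (placeholder)

$existing = Get-TransportRule | Select-Object -ExpandProperty Name

# 1) Reject messages that are automatically forwarded from an internal
#    mailbox to a recipient outside the organization.
$fwdRule = 'Reject auto-forward to external domains'
if ($existing -notcontains $fwdRule) {
    New-TransportRule -Name $fwdRule `
        -FromScope InOrganization `
        -SentToScope NotInOrganization `
        -MessageTypeMatches AutoForward `
        -RejectMessageReasonText 'Automatic forwarding to external recipients is not allowed.'
}

# 2) Reject attachments whose extension is on the block list.
#    Illustrative list only: review it against what your users legitimately exchange.
$blockedExtensions = 'exe','js','jse','vbs','vbe','wsf','hta','scr','bat','cmd','ps1','jar'
$extRule = 'Block risky attachment extensions'
if ($existing -contains $extRule) {
    # Rule already exists: keep it, but bring its extension list up to date.
    Set-TransportRule -Identity $extRule -AttachmentExtensionMatchesWords $blockedExtensions
} else {
    New-TransportRule -Name $extRule `
        -AttachmentExtensionMatchesWords $blockedExtensions `
        -RejectMessageReasonText 'This attachment type is blocked by company policy.'
}

# 3) Confirm that both rules exist and are enabled and enforced.
Get-TransportRule |
    Where-Object { $_.Name -in $fwdRule, $extRule } |
    Format-Table Name, State, Mode, Priority -AutoSize

Disconnect-ExchangeOnline -Confirm:$false
```

Creating a rule with `-Mode Audit` first lets you review what it would reject before switching it to `Enforce`.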
The importance of having a plan of action in case of problems
Cyber attacks are often seen as purely IT problems. However, their impact is much broader, affecting all employees as well as the reputation and image of the targeted company. They can also have a direct impact on the survival of the company, as happened to the lingerie brand Lise Charmel in 2020.
The best way to react to a cyber attack is therefore... to anticipate it. Hence the importance of having an action plan to follow in the event of a problem. This action plan must list all the company's vulnerabilities, whether they are IT or organisational. This involves audits, but also the establishment of a risk map.
The aim of anticipation is to reduce the risk of an attack occurring, and to prepare everything that can be prepared in advance. In this way, the negative impacts of cyber attacks can be contained. It is important, in this respect, to carry out scenarios with the IT teams beforehand. These scenarios make it possible to determine the most appropriate emergency measures.
💡 As a preventive measure, you can also be guided by specialized security companies. In any case, it is important not to rely solely on luck and to prepare for all events, in order of probability.
Things to remember
📌 Securing desktops is one of the essential keys to protecting yourself against cyber attacks.
📌 Workstations are the number one source of breaches in companies and the number one entry point for hackers.
📌 The implementation of a real policy of securing workstations can nevertheless drastically limit the risks of cyberattacks.