As we regularly mention, the security of your information system must be one of your primary concerns.
Significant in many respects, the year 2020 was also the year of all records in terms of cybercrime. Unfortunately, 2021 and 2022 have taken the same path. Our advisory and service missions lead us to believe that raising everyone’s awareness and popularizing our discourse can help reverse this trend.
Table of Contents
Information System Security: The Right Questions To Ask
To do this, what better guide than a simple methodology around critical questions to ask? The ANSSI (National Agency for the Security of Information Systems) has also published a guide for VSEs and SMEs. This guide offers several questions to ask that we will answer. These responses or proposals are intended to be consistent with your business requirements and obligations while complying with security obligations.
The idea is that your stable and secure information system should serve your organization, not the other way around.
Information System Security: Do You Know your IT Assets Well?
Indeed, knowing your equipment is the first question you should ask yourself. To meet this first challenge, it will be necessary to keep an accurate inventory of your equipment, but also of your software and your users.
Who uses what? Who has access to what? And especially why? The answers to these questions will then determine the strategies we will implement to ensure optimal security for your information system.
Do You Make Regular Backups?
Making regular backups of your data is one of the critical security measures. Indeed, regularity and redundancy are 2 words you absolutely must associate when you have to determine your backup strategy.
Do you know the 3-2-1 rule when it comes to backups?
Redundant Backups Of Your Data On 2 Different Media (at least), Including 1 External…
These basic recommendations will allow you, in particular, a faster restoration in the event of an incident.
What data? On what media? Physical, cloud or mixed backups? So many questions will allow you/us to determine your organization’s most relevant backup strategy.
Do You Regularly Apply Updates?
Yet essential, updates are too often ignored by users. Indeed, the updates offered by your operating systems or software contain patches, particularly security.
A station for which the updates are systematically ignored will be much more vulnerable than another (even with equivalent equipment), which would see updates applied when recommended.
To avoid any oversight or negligence, think, for example, of activating the automatic update functions!
Do You Use An Antivirus?
An antivirus (note, also regularly updated) is one of the first security measures put in place on information systems.
On the other hand, take advice from a service provider who will be able to guide you, in particular, when it comes to adding options such as the firewall, WEB filtering, etc.
Do You Have A Password Management Policy In Place?
Needless to say, the security of your information system also lies in implementing a password policy. 1234 or 0000 are not satisfactory for professional use! As a reminder, a strong password must contain between 8 and 12 characters and be a mixture of numeric, alphanumeric and special characters.
This password should not be familiar to all identification services and should be changed regularly.
To ensure that each of your employees adopts this strategy, favor password safes: these tools generate and save strong passwords in a secure file. Your employees will then only have one password to remember.
Information System Security: Have You Activated A Firewall?
The firewall protects your information systems from attacks coming from the Internet. When a firewall is installed and activated on all the workstations of an information system, it blocks or slows down the propagation of the attack to other equipment connected to the network.
How Do You Secure Your Email?
Remember that email is one of the first security breaches in companies. Using a professional mail server will make your installations less vulnerable. But beyond the physical parameters and the tools, the most reliable security barrier for your information systems lies in the training and awareness of your users regarding the use of their email: verification of senders, not opening all emails, never opening a dubious attachment …
How Did You Secure Mobile Computers?
The increasing mobility of our employees and the development of telework must be supervised so that the security of your information system is guaranteed. A list of good practices will allow your employees concerned to combine mobility and safety. Is the data saved elsewhere than on the mobile station? Is mobile equipment equipped with a screen filter? However, ban using promotional USB keys; limit the volume of data recorded on the computer as much as possible…
Have You Informed And Educated Your Employees?
We have already mentioned it, but raising your employees’ awareness comes down to involving them alongside you in this quest for safety.
The IT charter can, for example, be explained, argued or illustrated with concrete examples instead of being distributed against the signature.
Empowering and regularly raising awareness among your users will instill a culture of “IT hygiene” in your team.
Information System Security: Will You Be Able To React In The Event Of A Cyber Attack?
The primary security rules of your information system are intended, in particular, to fight against cyberattacks. But knowing how to fight against cyber-attacks also means dealing with these viruses. When detecting such an attack, the first reflex is to disconnect the infected workstation or the information system from the Internet and immediately inform the internal or external IT department.
These few best practices list all the essential security rules to ensure your information system is secure and stable.
Also Read: Corporate Security: What Are Clients And Servers?