Introduction: The importance of employee vigilance in cybersecurity
SMEs and mid-sized companies are on the frontline of cyber threats. According to recent reports, nearly 67% of French SMEs and ETIs (mid-sized companies) have experienced a cyberattack in recent years, with an average cost of 50,000 to 200,000 euros per incident. Most incidents are linked to human error or careless behavior. Each employee plays a central role in cybersecurity, and this guide offers practical recommendations to strengthen the protection of information and systems, whether in the office, working remotely, or on the go.
Protect your credentials
Passwords are a cornerstone of security, yet they are often overlooked. Proper password management is essential to prevent unauthorized access.
Create unique and complex passwords
Combine uppercase and lowercase letters, numbers, and special characters. Choose passwords of at least 12 characters for each account.
Separate professional and personal passwords
Using different passwords for work and personal accounts reduces the risk that a compromise in one environment spreads to the other.
Use a secure password manager
Store your credentials in a digital vault like KeePass rather than on insecure media (post-its, Excel files). These tools also allow you to manage complex passwords without memorizing them.
Never share your passwords
Keep your passwords strictly to yourself; do not share them even with colleagues or support staff.
Caution with removable storage devices
Removable devices such as USB keys are vectors for malware and intrusions. Even an inadvertently inserted USB key can compromise the company’s network security.
Avoid unauthorized USB/removable devices
Never insert USB drives of unknown or unapproved origin. Cybercriminals sometimes use infected devices to access company systems.
Limit their use
Whenever possible, opt for secure cloud storage solutions provided by the company.
Ideally, USB devices should be prohibited
Company policy may recommend or impose this ban to reduce the risk of malware introduction.
Protecting mobile devices while traveling
Laptops and phones are particularly vulnerable when traveling.
Avoid public Wi-Fi networks
Free Wi-Fi networks (hotspots), such as those in airports and cafes, can be hacked to intercept sensitive data. Use your phone as a secure hotspot or connect via a VPN.
Keep your devices under control
Whether in a public place or on the move, never leave your devices unattended.
Avoid working on sensitive documents in public
Use a privacy screen to prevent prying eyes.
Avoid public USB chargers
Charging stations in airports, cafes, or other public places can be compromised, exposing your devices to hacking risks. Instead, use your own charger and plug it directly into a secure power outlet.
Be wary of phishing and malware
Phishing attacks are frequent and dangerous for companies.
Be cautious with unexpected emails
Be wary of suspicious emails containing links or attachments, especially if they come from unknown senders.
Verify URLs and attachments
Before clicking a link or downloading a file, carefully verify the email’s authenticity. Links may redirect to malicious sites.
Avoid unapproved applications (shadow IT)
Using services not approved by the company (e.g., unauthorized Dropbox, Google Drive) exposes the company’s network to risks. Use only authorized applications.
Contact the person directly if in doubt
If an email seems suspicious, it’s best to verify by contacting the sender through another method before clicking or replying.
Equipment management and updates
Software updates are essential for patching security vulnerabilities.
Ensure all software is up to date
Enable automatic updates to get the latest protections against threats. Updates include critical security patches.
Install antivirus/EDR software and activate the firewall
Make sure your antivirus or EDR is up to date and the firewall is active to enhance your protection against cyber threats.
Protection of sensitive documents
Managing sensitive information, whether digital or printed, is crucial.
Print only necessary documents
Limit printing and be sure to securely destroy paper documents after use.
Avoid storing sensitive documents locally
Especially when traveling, avoid copying sensitive documents to your device. If necessary, limit yourself to essential documents only.
Device management and secure information storage
A secure storage solution is essential to protect confidential information.
Do not use insecure media to store sensitive information
Avoid post-its or other unprotected media for noting down passwords.
Use a digital vault
Solutions like KeePass allow you to store passwords in a secure environment.
Be vigilant with online permissions
Many websites and applications request permissions to access drives, contacts, or even sensitive information.
Be careful with permissions
Before allowing access to your data, ensure the reliability of the site or application.
Don't upload sensitive data to unapproved sites
Use only company-approved sites and services for sharing or storing sensitive data.
Responding quickly in case of a security incident
Despite all precautions, incidents can still happen.
Report any incident or suspicious activity
Whether you notice unusual activity, a compromise of your device, or a suspicious email, immediately notify the security team. A quick response can prevent a minor problem from becoming a major incident.
Conclusion: Cybersecurity, a collective responsibility
Cybersecurity doesn’t rely solely on company policies and solutions. It is also, and above all, the result of vigilant and responsible practices by every employee. By following these best practices, each person contributes to strengthening the company’s security.
Cybersecurity is everyone’s responsibility, and individual vigilance is essential to prevent cyberattacks.