With the advent of the NIS 2 directive, the European Union is strengthening its legislation to ensure better protection against cyberattacks. This initiative is particularly relevant in today's landscape where cyber threats are omnipresent and constantly evolving. The French National Agency for the Security of Information Systems (ANSSI) provides practical guidelines to help organizations comply with these new requirements. This booklet (available at: https://www.entreprises.gouv.fr/files/files/secteurs-d-activite/numerique/anssi-guide-tpe_pme-cybersecurite.pdf) outlines 12 best practices to implement in small and medium-sized businesses.
In this article, we will review the assets within Reboot Conseil, then go through ANSSI's recommendations together.
How can an SME protect itself from cyberattacks? What risks are we facing?
The first step toward effective IT security for an SME is having a thorough understanding of its IT infrastructure. This means inventorying all hardware, software, and processes, understanding data flows, and identifying interconnection points.
The risk of not maintaining an up-to-date inventory is that obsolete equipment or unpatched software can become security vulnerabilities exploited by cybercriminals. A concrete example is a forgotten workstation running an old and vulnerable operating system, which could serve as an entry point for an attack on the network.
Data is central to our operations. What happens if one of us has their Azure account compromised and the attacker deletes the project's database?
Failing to perform regular backups on different media exposes us to the risk of irreversible data loss. An incident such as a ransomware attack could encrypt all company data, rendering it inaccessible. Without diversified backups (on-site, off-site, in the cloud), we could find ourselves unable to restore our information and systems, leading to a prolonged disruption of operations, or even a complete shutdown.
3-2-1 backup principle
Computer viruses are malicious software designed to infiltrate systems in order to cause damage or steal data. Imagine a situation where Mr. X inadvertently opens a malicious attachment. The virus attached to it can then spread through the company network, damaging or altering files critical to operations.
These malicious programs do not always manifest themselves in obvious ways and can operate covertly. Take the example of the IBAN Clipper malware. This type of malicious software works silently, monitoring the user's clipboard. When an IBAN is copied, the malware quietly replaces it with another account number belonging to the cybercriminal. This is how a payment, believed to be secure, is diverted to the fraudster's account. What looks more like an IBAN than another IBAN?
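An added example (not part of the original article) of the defensive check this passage calls for: an IBAN swapped by a clipper is itself well-formed, so the ISO 13616 mod-97 checksum alone never catches it; only comparing the pasted value with the beneficiary record on file does. The supplier name and its IBAN are constructed; the two IBANs are the public example values for the UK and France.

```python
"""Validate an IBAN, then compare it with the beneficiary record on file."""


def normalise_iban(iban: str) -> str:
    return iban.replace(" ", "").upper()


def iban_checksum_ok(iban: str) -> bool:
    """ISO 13616 mod-97 check: move the first four characters to the end,
    map letters to two-digit numbers (A=10 ... Z=35), result mod 97 must be 1."""
    s = normalise_iban(iban)
    if not (15 <= len(s) <= 34) or not s.isalnum():
        return False
    rotated = s[4:] + s[:4]
    digits = "".join(str(int(ch, 36)) for ch in rotated)
    return int(digits) % 97 == 1


def payment_check(pasted_iban: str, beneficiary: str, known_ibans: dict) -> str:
    """Return 'invalid' (bad checksum), 'mismatch' (well-formed but not the
    IBAN stored for this beneficiary) or 'ok'."""
    if not iban_checksum_ok(pasted_iban):
        return "invalid"
    expected = known_ibans.get(beneficiary)
    if expected is None or normalise_iban(expected) != normalise_iban(pasted_iban):
        return "mismatch"
    return "ok"


# Constructed beneficiary record (hypothetical supplier, public example IBAN).
KNOWN = {"ACME Supplies": "GB82 WEST 1234 5698 7654 32"}
# A well-formed IBAN that is not the supplier's: what a clipper would paste.
SWAPPED = "FR14 2004 1010 0505 0001 3M02 606"

if __name__ == "__main__":
    print(payment_check("GB82 WEST 1234 5698 7654 32", "ACME Supplies", KNOWN))  # ok
    print(payment_check(SWAPPED, "ACME Supplies", KNOWN))  # mismatch: checksum passes, record does not
```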
Distributed Denial of Service (DDoS) attacks aim to make a computing resource unavailable, typically by overwhelming it with requests. For example, an attack on the company website could flood it with artificial traffic, making it inaccessible to legitimate customers and disrupting business operations. We would then be left without a website for several days.
Phishing, a form of identity theft, is a technique used by cybercriminals to obtain sensitive information by impersonating a trusted entity. An employee could receive an email appearing to come from management or a known supplier requesting confidential information, which could lead to unauthorized access to systems or fraudulent wire transfers. It was through phishing that MGM and Caesars Palace, the most famous casinos in Las Vegas, were targeted by two successive cyberattacks five days apart, shutting down the casino, elevators, hotel operations...
Prevention starts with regular data backups, an essential practice for recovering systems in case of compromise. Backups should follow the 3-2-1 rule: three copies of data on two different media, one of which is off-site.
In terms of account management, it is crucial that data access is proportional to each user's needs to limit risks in case of compromise. Updates should be automated to ensure security vulnerabilities are patched as soon as they are discovered.
The backup medium can be a physical one such as an external hard drive, which must be disconnected from the information system once the backup is complete, or a cloud service, or both for your most valuable data.
Encrypting data before backing it up is a recommended practice. This primarily concerns cloud storage: in case of unauthorized access to the cloud service, the data remains protected. You can also limit the impact of equipment theft or loss by encrypting your workstations with solutions like BitLocker.
BitLocker is a disk encryption tool built into Microsoft Windows. It was designed to protect data by providing encryption for entire disk volumes. Here is how it works:
For more information, I invite you to watch this video:
https://www.youtube.com/watch?v=RqWzTzUVYaM
Using security software such as antivirus programs, firewalls, and strong password policies is necessary to create a solid barrier against intrusions. If you are not comfortable with the different types of viruses, feel free to let me know ;)
Types of viruses
Access rights management is crucial for an organization's security. It allows you to control who has access to what resources and to what extent. By assigning appropriate access rights, you can prevent unauthorized users from accessing sensitive information. Furthermore, by limiting access rights, you can minimize potential damage in case a user account is compromised.
Regularly updating workstations and software is just as important. Updates often contain patches for security vulnerabilities discovered since the previous version. By not updating your systems, you leave these vulnerabilities open to exploitation by cybercriminals. Additionally, updates can also bring new features or improvements that can increase productivity and efficiency.
Identity theft is a malicious act in which a person attempts to impersonate another by using their personal information without consent. This can happen in various ways, including theft of personal information, phishing, interception of communications, or use of malware.
In the context of cybersecurity, identity theft can have serious consequences. The impersonator can access personal or professional accounts, carry out financial transactions, steal sensitive data, commit fraud, or damage the reputation of the person whose identity was stolen. Moreover, once an identity has been stolen, it can be difficult to prove that the fraudulent activity was not committed by the actual person. It is therefore crucial to implement adequate protective measures to prevent identity theft.
Choosing a strong password is crucial to protecting your personal and professional information. Here are some tips for creating a strong password:
Choosing your password: best practices
Knowing your IT infrastructure is essential. Tools such as GLPI and OCS Inventory allow you to map out the hardware and software in use. Active Directory (AD) plays a key role in managing user access rights.
GLPI (Gestionnaire Libre de Parc Informatique) is an open-source software for IT asset management and helpdesk management. GLPI is widely used for inventorying IT resources in organizations and also offers a range of additional features, such as license management, contract management, supplier management, and even consumables management. In the context of inventory management, GLPI allows you to catalog all IT equipment (computers, software, networks, printers, etc.) within an organization, classify and manage them efficiently, which is essential for maintaining robust IT security.
GLPI interface
Antivirus software is essential for detecting and eliminating threats. Filtering rules and firewalls complement this defense by managing network traffic. In the event of an attack, it is crucial to react quickly to limit intrusions and maintain business continuity. Setting up quarantine and proactive threat detection are complementary measures.
Antivirus solutions comparison table
Using an Anti-Spam Tool: This tool filters spam messages before they reach your inbox.
An anti-spam filter is capable of analyzing the content of an email and determining whether it should be classified as spam. The filter relies on the fact that typical spam contains specific keywords that recur at a characteristic frequency in the message body and appear in strategic locations.
Firewall solution
A firewall is a security barrier that filters and controls incoming and outgoing network traffic according to predefined security rules. It acts as a gatekeeper, deciding which data packets can enter or leave the network. There are two main types of firewalls: the network firewall, which protects an entire network by filtering traffic between that network and other networks or the Internet, and the personal firewall, which protects a single computer or device.
Firewalls can be hardware or software-based. Hardware firewalls are often built into a router or other network device and are typically used to protect a home or corporate network. Software firewalls are installed on individual computers and offer customizable protection at the device level.
There are also next-generation firewalls, known as NGFW (Next-Generation Firewalls), which combine the features of a traditional firewall with other network security functions, such as deep packet inspection, integrated antivirus, and intrusion prevention.
Firewall
Separating professional and personal IT use is an important security measure. It involves using separate devices, or at the very least different user accounts, for professional and personal activities. This practice limits the risk that a personal activity, such as downloading unsecured software or visiting a malware-infected website, could compromise the company's systems and data. A compromise on the personal side then does not directly affect the protected professional environment.
Email protection is reinforced by anti-spam and anti-phishing filters, and quarantine is a process by which suspicious emails are isolated for review rather than being delivered directly to the user's inbox.
Finally, TLS (Transport Layer Security) encryption is a standard encryption technology for securing communications over the Internet. It ensures the confidentiality and integrity of data exchanged between users' web browsers and servers, thereby preventing eavesdropping, data tampering, and "man-in-the-middle" attacks.
User training and awareness are crucial. First and foremost, it is about separating usage. We do not want to receive work emails during personal time, on weekends, or during vacations. This separation works on the same principle. The corporate network does not need to know that you are watching a particular Netflix series, a particular YouTube video, or planning a trip to the other side of the world ;).
This topic will be covered in much more detail through Reboot's security toolkit.
CyberToolsBox?
At Reboot, our values are what define us: openness, transparency, and a way of working that is uniquely ours. We know that launching major IT projects like setting up Active Directory (AD), a virtual private network (VPN), or an inventory system takes time and costs a lot in maintenance. And frankly, it does not really align with our way of seeing things, restricting everything at every turn.
That is why we have chosen to take a different path, more in line with who we are. We are going to create a cybersecurity toolkit that will allow us to move toward these standards without losing our identity. We are not closing the door on these major systems, especially since at some point, to obtain certifications like ISO 27001, we will not really have a choice. But we will take the time to do it our way, so that it integrates naturally into our DNA, without forcing anything or compromising on what matters most to us.
A member of the Reboot team in Strasbourg, Erin works on IT and consulting projects in the Grand Est region. A profile that prefers to let results speak rather than a LinkedIn page.