ANSSI-CGPME guide

In the course of its business, every company possesses sensitive data.
Unfortunately, small and medium-sized businesses don’t always have the resources or expertise to implement sufficiently effective security strategies.

That’s why our French neighbors, notably the CGPME (Confédération Générale du Patronat des Petites et Moyennes Entreprises) and the ANSSI (Agence Nationale pour la Sécurité des Systèmes d’Information), have joined forces to list 12 essential rules to be applied as soon as possible.
These rules apply to both French and Swiss SMEs, so we’ve decided to share them with you.

Organization

  • Careful choice of passwords: establish rules for password choice and size (minimum number of characters), then enforce them.
  • Regular software updates: your operating systems need to be configured so that security updates take place automatically.
  • Knowledge of users and service providers: you need to be able to precisely identify the different users on the system, and the privileges they are granted.
    Not every user should have administrator rights.
  • Regular backups: you must make daily or weekly backups on external media (DVDs, USB sticks, external hard disks, cassettes) reserved exclusively for this purpose.
  • Secure access to company Wi-Fi: never use WEP encryption, as it can be hacked in a matter of minutes.
    Whenever possible, use WPA2 encryption, otherwise the WPA-AES version.

Habits

  • Be as careful on your smartphone or tablet as you are on your computer: don’t hesitate to overprotect your devices by using an unlock pattern or password in addition to your PIN code.
    Above all, install only the applications you need for your business.
  • Data protection on the move: you need to be vigilant, keep your devices with you at all times, and disable Bluetooth and Wi-Fi functions.
    Avoid connecting your equipment to those of third parties.
  • Caution when using e-mail: never open attachments or links from unknown senders, and always check for consistency between message content and sender.

Online

  • Downloads: only download programs from publishers’ websites or other trusted sites.
    Always remember to uncheck or deactivate functions offering to install additional software.
  • Online payments: check for a padlock in your address bar or browser window.
    Make sure you have “https” in the URL, and opt for SMS confirmation.
  • Distinguish between professional and personal use: avoid transferring professional messages to personal mailboxes and, above all, don’t host any company data on personal media (physical or cloud).
  • Digital identity: remain vigilant when filling in forms, and limit access to your professional and personal information on social networks as much as possible.
