It is difficult to ignore the threat which weighs on personal data disseminated on the Internet. 2018 saw a particularly large number of cases of hacking. …and the winner is: Cambridge Analytica, for the scandalous leak of data on 87 million Facebook users! A few days ago, it was the turn of Google to admit a security flaw making accessible the data of some 500,000 users of the Google+ social media. When we see these IT giants getting affected, it is easy to imagine the vulnerability of all other Internet players in the face of hackers. Yet, at the same time, France has just taken a major step toward e-health, since telemedicine now has a legal framework since 15 September. Is this reasonable? What are the risks? And where does the responsibility of individuals lie in the face of such threats? Some answers to these questions can be found during European Cyber Security Month.

What are the corporate hacking risks?

No need to be a computer scientist to understand cyber security issues. In 9 out of 10 cases, attacks occur through a simple fraudulent email, something known as “phishing”. It works like this: you are prompted to click on a link, download an attachment or, worse still, to navigate to an online form and enter personal data. The consequences can be an infection which blocks your computer and leads to a request for a “ransom” (ransomware). If computers are part of a network, attacks can focus on the entire system which makes companies particularly vulnerable to the behaviour of their staff. Thefts of data – password, codes, login ids, contact lists, etc. – are just as frequent.

What can “hackers” do with data stolen from your computer or sucked in by large scale hacking of Facebook, Google+ or other sites? These scams are really very classic in operation. For example, “fake President” frauds where the identity of a senior executive is spoofed and an email sent to an employee, accountant or treasurer requesting an emergency bank transfer. Same principle as “supplier fraud” where the “pirate” informs you that your supplier’s bank details have changed.

What protective solutions exist?

The first and most effective protection against piracy lies in a set of best practices which users should adopt. For example, watch out for unusual emails, do not open suspicious attachments, ask oneself questions as to the potential use of information spread on social media, and adopt a strategy for managing passwords.  For example, ask yourself if someone who knows the names and date of birth of your children and spouse, maybe has enough information to crack some of your codes.

At a corporate level, the issue of cyber security should not be left to the IT department alone but must involve all staff. During European Cyber Security Month the main message from the public authorities is to promote awareness. On a dedicated website, you will find many practical tips and a kit to raise awareness among individuals and businesses. Communicating the right information to staff and cultivating the right internal organisation is an indispensable complement to your anti-virus software. 

For more information, go to www.cybermalveillance.gouv.fr.