Since the start of the conflict in Ukraine, cyberattacks for espionage purposes, attempts to break into messaging services have targeted Ukrainian and Russian sites. Even if these cyberattacks have a limited impact in France for the moment, the threat remains high, especially for companies with subsidiaries in Ukraine and Russia. The Government recalls a few computer hygiene rules for employees.
Strengthening cybersecurity: presentation of the international context
Due to the war in Ukraine, the National Information Systems Security Agency (ANSII) recommends increased computer vigilance. Indeed, since February 23, cyberattacks have been observed in Ukraine and Russia (distributed denial of service attacks, defacing of websites, attempted intrusion into emails with targeted phishing, cyberattacks with malicious codes sabotage).
These cyberattacks have for the moment limited impacts in France. But the risk remains high due in particular to retaliatory actions that may be carried out following the sanctions decided by Europe. In addition, limited hacktivist activities, which should not be minimized, targeted the sites of European companies which would not have expressed an opinion on their withdrawal from the Russian market.
These attacks can have serious consequences: unavailability of sensitive resources or damage to the image of entities. This is why French companies with subsidiaries in Ukraine or Russia must be very vigilant.
Reinforce cybersecurity: reminder of some computer hygiene rules
In its “Frequently Asked Questions – Resilience plan for companies following Russia’s attack on Ukraine”, the Government invites employees to follow a few computer hygiene rules. The first consists in strictly separating uses of a personal nature from those of a professional nature.
It is requested to protect access with correctly chosen passwords and not to reuse them for several digital services. Thus, professional messaging must have passwords that are distinct from those of personal messaging.
Concerning more particularly professional email, employees must be vigilant to the emails received to avoid clicking on a malicious link or attachment.
In its computer hygiene guide, the ANSII specifies that messaging is the main vector for infection of workstations. If in doubt about the origin of an email, ask yourself the following questions:
- is the sender known?
- Is information from him expected?
- Is the proposed link consistent with the subject discussed?
The redirection of professional emails to personal messaging is to be avoided in order to protect the company from leaks of confidential, strategic information.
Employees are also advised not to connect professional equipment to uncontrolled networks, in particular public WiFi networks (station, train, cafes).
The company’s WiFi network must also be secure. A unique and shared password is not recommended. It is important to provide a WiFi connection for personal terminals or visitors separate from the connection for company terminals.
Employees should not leave equipment unattended. When the user leaves his workstation, locking the session is recommended.
In order to protect their work space, it is requested not to connect USB keys offered, unknown. The use of keys whose source is known but not the integrity of the content must be inspected by the anti-virus of the workstation.
Government, FAQ – Resilience plan for businesses following Russia’s aggression in Ukraine, 1er April 2022
Computer hygiene guide, strengthen the security of your information system in 42 steps
Lawyer in social law and editor at Tissot Editions
We want to say thanks to the author of this post for this outstanding content
Strengthening cybersecurity: the rules of computer hygiene to follow
Explore our social media profiles and also other pages related to themhttps://yaroos.com/related-pages/