Cybersecurity

One out of three Swiss SMEs has already fallen victim to a cyberattack, and the risk continues to increase, according to the National Center for Cybersecurity (NCSC). How can one best protect their company against this risk?

Theft, extortion, blackmail, sabotage... Cyberattacks extend physical-world crime into a dematerialized environment. Yet the magnitude of the risk posed by these attacks is still often underestimated by the leaders of Swiss SMEs – who account for 99.7% of the country's businesses. The digitalswitzerland initiative offers a rapid test designed specifically for SMEs that want to assess their exposure; the good practices below also help both to lower the level of risk and to limit the severity of an attack.

1. Maintain an equipment inventory and perform regular backups

The initial step to mitigate risks involves compiling a comprehensive inventory of all equipment (PCs, tablets, smartphones, printers, external hard drives, USBs, etc.), software, and data requiring protection. Only this inventory, conducted at least annually, provides insight into what needs safeguarding while pinpointing essential elements crucial for the company's proper functioning. Leaders must also verify the validity of their usage licenses – a significant check both legally and for maintenance purposes. Another essential move is evaluating access rights, which helps determine who can access what and establish varying access levels (visitor, user, or administrator), with progressively stricter permissions to reduce the exposed "surface". In the event of an intrusion, the higher the access level, the more extensive the potential damage.

Every SME should also ensure regular data backups to facilitate swifter recovery of operations in case of incidents, particularly ransomware attacks. While the specific nature of crucial data varies based on each company's activities, certain data consistently hold critical importance: customer files, emails, contracts, accounting information, etc. The backup frequency should be assessed individually, considering the volume of generated information. Additionally, it's crucial to blend online and offline backups. The former allow rapid recovery but remain susceptible to attacks. Although not immune to malfunctions, the latter – like an external drive – remain disconnected from the network.

2. Raise employee awareness about the importance of strong passwords

Many cyberattacks succeed because employees use passwords that are too simple. According to a study by the insurer AXA, only one in two SMEs has established rules in this regard.

It's helpful to remind your teams of how hackers operate. The most common technique is brute force: the attacker tries numerous possible combinations until finding the correct one. They may also narrow the search by focusing on frequent choices such as common names, sequences of digits (0000), or keyboard patterns (qwerty). Finally, they may try candidates inspired by publicly accessible information, especially from employees' personal accounts, attempting to guess a nickname, the names of loved ones, or a pet's name.

The NCSC suggests that a strong password should have at least twelve characters (fifteen for critical access) and combine special characters (like "&" or "£"), numbers, and both uppercase and lowercase letters. No personal information should be included (birthdate, first name, etc.). Additionally, it's crucial not to use the same password for accessing different software or websites. This precaution helps isolate credentials in case of a successful attack. It's also essential to advise employees not to use the same passwords for professional and personal contexts.
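The NCSC rule above, together with the weak patterns described in the previous paragraph, can be turned into a checker that a helpdesk or onboarding script could run. This is an added example, not code from kmu.admin.ch or the NCSC; the "critical access" length of fifteen characters is taken from the text, while the personal-information record and the weak-pattern list are constructed here for illustration.

```python
"""Password-policy check based on the NCSC guidance quoted on this page.
Added example; the personal data and weak-pattern list are constructed."""
import re
from string import ascii_lowercase

# Constructed sample of per-user personal data that a policy should reject.
PERSONAL_INFO = {"first_name": "Anna", "birthdate": "1987-03-14", "pet": "Rex"}
# Constructed list of the weak patterns mentioned on the page.
WEAK_PATTERNS = ("qwerty", "azerty", "password", "0000", "1234")


def _contains_sequence(pw: str, run: int = 4) -> bool:
    """True if pw holds a run of consecutive letters or digits (abcd, 2345)."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        chunk = s[i:i + run]
        if chunk in ascii_lowercase or chunk in "0123456789":
            return True
    return False


def _personal_tokens(info: dict) -> set[str]:
    """Derive rejectable tokens: names, and digit groups taken from a date."""
    tokens = set()
    for value in info.values():
        tokens.add(value.lower())
        digits = re.sub(r"\D", "", value)
        if len(digits) >= 4:
            tokens.add(digits)        # 19870314
            tokens.add(digits[:4])    # 1987 (year)
            tokens.add(digits[-4:])   # 0314 (day and month)
    return {t for t in tokens if len(t) >= 3}


def check_password(pw: str, critical: bool = False, info: dict = PERSONAL_INFO) -> list[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    minimum = 15 if critical else 12          # NCSC: 12 characters, 15 for critical access
    if len(pw) < minimum:
        problems.append(f"shorter than {minimum} characters")
    if not re.search(r"[a-z]", pw) or not re.search(r"[A-Z]", pw):
        problems.append("needs both lowercase and uppercase letters")
    if not re.search(r"\d", pw):
        problems.append("needs a digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("needs a special character")
    low = pw.lower()
    if any(p in low for p in WEAK_PATTERNS) or _contains_sequence(pw):
        problems.append("contains a keyboard or numeric sequence")
    if any(t in low for t in _personal_tokens(info)):
        problems.append("contains personal information")
    return problems
```

The personal-information check is only as good as the record it is fed; in practice it would draw on the HR directory rather than a hard-coded dictionary.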

Another option is to roll out two-factor authentication (2FA) widely: once it is in place, a password alone is no longer sufficient, and the user must provide additional proof to access their account – for instance, by entering a code received via SMS or by using a one-time access link.

3. Respect certain technical measures

Firewalls and Antivirus Software

Antivirus software and firewalls make it possible to identify malicious programs and files. For this reason, installing them is as essential as keeping them updated, given the hundreds of thousands of viruses or malicious code samples released every day. Most antivirus products on the market offer automatic network scans and updates, so these should be activated in the settings without delay.

Remote Access

With the rise of remote or nomadic work, the issue of remote access becomes even more crucial as many employees work in public places or on public transportation, exposing them to specific risks that certain best practices can help mitigate. The primary practice involves never connecting personal devices or third-party equipment to one's professional tools. It is also preferable not to connect your workstation to captive portals (stores, hotels, etc.), but to prioritize using your mobile phone's hotspot. Additionally, the company must be immediately notified in case of theft.

Securing Email Communication

Email remains the primary vulnerability exploited by hackers, whether to introduce fraudulent software through an attachment or to entice a click on a link leading to a malicious website. Educating employees in habits such as checking that the sender is known, confirming that their address is genuine, and ensuring that the message's subject is in line with the usual exchanges can significantly reduce the risk of an attack. In case of doubt, confirming the message's authenticity with the sender through a separate channel (phone, SMS, etc.) is worthwhile. Other practices involve technical measures, such as deploying anti-spam and anti-phishing solutions to improve the detection of phishing attempts. The NCSC also publishes a list of file formats considered risky.

4. Outsource your security procedures

Unlike many large corporations, SMEs often opt to engage a specialized service provider to ensure their cybersecurity. While this approach is commendable, especially for server and email management, the choice of provider remains critical. This decision hinges on the needs, priorities, and resources unique to each SME. Web giants offer turnkey solutions that are often more cost-effective than local partners, but the latter host critical data within Switzerland and are often more responsive when needed. Several labels developed specifically for SMEs by the Swiss Association for Cybersecurity Labeling, such as CyberSeal (only in German, French and Italian) or Cyber-safe (only in German and French), distinguish recognized providers. These labels or certifications ensure that the chosen provider adheres to recognized standards in data protection (as outlined in the new Data Protection Act) and security, and possesses the required expertise.

5. Understand the main methods used by hackers

To infiltrate corporate networks, hackers employ tools that exploit either human or technical vulnerabilities, sometimes blending the two. The most common types of attacks include:

Manipulation

As a form of psychological hacking, social engineering involves manipulating employees to make harmful decisions through various means. By using publicly available information from a company's website or an employee's social accounts, a hacker can attract attention by playing on emotions or empathy. They may also gain trust by posing as a trusted third party, like a friend or colleague.

Malware

Malware refers to a range of programs, including viruses, developed to harm a computer system and exploit its resources (data, memory, network). These programs use various avenues to achieve their goals, including email, file sharing, fraudulent web pages, and USB drives.

Phishing

A phishing attempt involves extracting sensitive information by using a fake email or SMS that appears innocuous, such as a package delivery notification, receipt confirmation, or identity verification request. Clicking on a link or downloading an attachment can unwittingly spread malware within the company's network.

CEO Fraud

This digital form of fund misappropriation involves tricking a person who has access to sensitive banking information into making an urgent or confidential transfer, often by impersonating a top executive.

Distributed Denial of Service (DDoS)

By overwhelming computer servers with connection requests, cybercriminals can saturate a server's bandwidth and deplete a system's resources, rendering access impossible.

Ransomware

Ransomware locks computers or essential files crucial to a company's operation. The cybercriminal then demands a ransom in exchange for unlocking them. This infection can occur after opening a manipulated attachment, visiting compromised websites, or as a result of a system breach.

6. Adopt the right reflexes in an emergency

In the event of a confirmed incident, the initial step is to disconnect the company's equipment from the internet (via wired or Wi-Fi connection) while leaving the affected computers powered on. This containment strategy serves to curb the attacker's actions and notably reduces data leaks. In the case of ransomware, the foremost rule is to refrain from hastily paying the demanded ransom, as decryption solutions are available.

Confronted with any form of attack, it is crucial to inform your partners to prevent potential damage spread – in the scenario where attackers may have gained access to exploitable information, such as password bundles or sensitive data.

Furthermore, it is advisable to report any incident to the National Center for Cybersecurity (NCSC), even if no significant harm has occurred or if it's merely an attempted attack. These precautions help facilitate the work of professionals and investigators in case of a complaint: while reporting cyberattacks to competent authorities isn't mandatory, the NCSC nonetheless emphasizes the importance of reporting to advance the legal response and sustain the long-term fight against cyber threats.


Last modification 08.02.2024

https://www.kmu.admin.ch/content/kmu/en/home/facts-and-trends/Cybersecurity.html