DIGITAL SURVIVAL MANUAL Aimed at professional organisations and their staff

Post on 15-Mar-2020


EDITORIAL

Over the course of a few years, cybersecurity threats have jostled their way to the forefront of economic risk factors.

Ransomware, threats to corporate images, espionage and sabotage: cyber-criminals use a multitude of different attack vectors but the consequences of their attacks for businesses are often indistinguishable: breaches of confidentiality or loss of data that can cause major disruptions or even a permanent shut-down of operations.

An effective cybersecurity defence system is based on three complementary approaches:

» Education: an effective prevention policy implemented among staff.

» A preventive arsenal to limit cybersecurity risks: antispam, antivirus, firewall, and a policy for updating all applications.

» A professional response system to counter any cyberattacks that do get through: an effective backup system and business continuity plan to recover from attacks in line with best practices.

This Manual aims to provide business leaders and HR managers in SMEs with a simple, easy-to-understand, effective approach towards implementing an effective policy of education within the company.

We hope that you will find it useful and that you will distribute it widely among your staff.

Of the three core aspects of any cybersecurity policy, education is undoubtedly the most important. Moreover, it is also the least expensive to implement in an organisation.

If you want peace, prepare for cyber war! Enjoy reading!

Luc d’URSO
CEO and Chairman
WOOXO SAS

CONTENTS

Successful password management

Controlling the source and content of e-mails

Keep your wits about you on the move

Keeping your system up-to-date

Be careful with online purchases

Any questions? Get in touch!

SUCCESSFUL PASSWORD MANAGEMENT

What’s it all about?

Your password is part of your digital ID. It allows you to ensure that the person behind the connected device (PC, tablet, or smartphone…) is indeed the authorised user of your business resources such as documents, databases, applications, or hardware. These resources may be shared with other persons who have similar authorisations, e.g., a computer server.

Why would cyber criminals be interested?

Taking over your digital identity allows individuals with harmful intentions to:

» Steal or destroy protected resources for the purposes of blackmail or to harm your reputation.

» Carry out activities in your name (sending an e-mail or bank instructions).

» Spy on your data and activities.

How do they obtain passwords?

» Bulk attacks: by using the online black market to acquire a database stolen from a service provider such as a telecoms operator, cloud solution provider, social network or dating site containing legitimate personal data.

» Targeted attacks: using publicly available information about your private life that is collected and combined to reveal your private information: your nickname, date of birth, the names of your spouse, children, or pets, or by using spyware or a keylogger installed without your knowledge by malware on one of your devices via a website, advertising banner, or intentionally infected e-mail attachment.

Best practices

» Choose passwords with at least eight characters that include upper and lower-case letters, numbers, and special characters and refresh them at least every six months.

There are two simple methods for setting and remembering your passwords: the phonetic method, “for my tenants = 4my10ants”, or the first-letters-of-a-phrase method, “the 101 Dalmatians are all dogs! = t101daad!”.

» When using your smartphone, change the default password the first time you use it.

» Don’t use the same password everywhere you log in, particularly for sensitive applications such as payment tools, including bank cards or Bitcoin.

» Never disclose the login details for your workstation to a colleague: they could access all your saved passwords via your browser’s advanced settings.

***

CONTROLLING THE SOURCE AND CONTENT OF E-MAILS

What’s it all about?

E-mail is one of the leading routes for cybercriminal attacks. Understandably so: almost half the globe’s inhabitants have access to the internet and an e-mail account.

What is the interest to cybercriminals?

Sending you a malicious e-mail provides a simple way for them to:

» Infect your hardware to encrypt your data and demand a ransom to decrypt them (ransomware).

» Steal data from your PC or network if it is connected to one (private or confidential information).

» Spy on you (by recording your keystrokes) and even activate resources such as your webcam or microphone remotely.

How do infections spread?

Malicious software is embedded in an e-mail attachment or a clickable button inserted in the body of an e-mail. The program runs automatically or is downloaded from a remote server when you open an attachment or click on a button.

Best practices

» Ask your employer to ensure your mailbox is protected by anti-spam software, insulating you from the vast majority of bulk attacks.

» Never write your login details down anywhere (post-it notes, the back of your keyboard, in a file, or even as a contact in your e-mail program).

» Never respond to e-mails asking you for personal or confidential information, including when the layout of the e-mail looks as though it comes from a known service provider.

» If there are links embedded in an e-mail, hold your mouse over them and check the complete address of the target site, ensuring that it is correct and consistent, and watch out for concealed or deceptive URLs (edf.xx.org, orange.xyz.fr, canolplus.fr, etc.) designed to overcome your suspicion.

» Be sceptical if an e-mail from someone you know well (such as a friend or colleague) includes a suspicious attachment (for example, something that claims to be a photo with an unusual extension such as .svg).

» Never forward a viral message from an unknown organisation requesting data or asking you to share information.
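
The link check recommended above can be partly automated by a mail administrator. The following is an added example, not part of the Wooxo manual: it extracts the real target of every link in an HTML e-mail body and flags hosts that are not on an allow-list, that bury a trusted name inside another domain, or that are near-misspellings of a trusted domain. The allow-list TRUSTED, the sample message and all function names are assumptions made for illustration.

```python
import difflib
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the organisation really deals with (constructed allow-list).
TRUSTED = ["canalplus.fr", "edf.fr", "orange.fr"]

class LinkCollector(HTMLParser):
    """Collect the real target (href) of every link in an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def review_link(href):
    """Return reasons to distrust a link target; an empty list means none found."""
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return reasons
    reasons.append("host is not a trusted domain")
    # A trusted name used as a mere label of another domain (edf.xx.org).
    brands = {d.split(".")[0] for d in TRUSTED}
    if brands & set(host.split(".")):
        reasons.append("trusted name used inside another domain")
    # A near-identical spelling of a trusted domain (canolplus.fr).
    close = difflib.get_close_matches(host, TRUSTED, n=1, cutoff=0.85)
    if close:
        reasons.append("look-alike of " + close[0])
    return reasons

def review_email(html):
    collector = LinkCollector()
    collector.feed(html)
    return {href: review_link(href) for href in collector.hrefs}

# Constructed sample body using the deceptive addresses quoted in the manual.
SAMPLE = """<a href="https://edf.xx.org/pay">www.edf.fr</a>
<a href="http://orange.xyz.fr/login">My account</a>
<a href="https://canolplus.fr/offer">Canal+</a>
<a href="https://www.orange.fr/help">Help</a>"""

print(review_email(SAMPLE))
```

An empty list only means none of these three checks fired; it does not prove the link is safe.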

KEEP YOUR WITS ABOUT YOU ON THE MOVE!

Why should you be even more careful on the move?

In the office, you work in a relatively controlled and safe environment. Access to the site is restricted, and strangers or unwelcome visitors are quickly identified. Work stations are equipped with security tools such as anti-spam and antivirus software and the IT network is private and protected by a firewall and proxy server.

Outside work, you can unknowingly encounter people with harmful intent. You frequently log into very poorly secured networks, such as hotel Wi-Fi, business centres, and cybercafés, and in certain countries, you may be using telecom networks that are under strict surveillance. In short, it’s a digital jungle out there.

What is the interest to cybercriminals?

Industrial espionage, blackmail seeking a ransom payment, injecting malicious information to compromise you, recruiting you as a potential source if you work in a sensitive area: there is no shortage of reasons for taking an interest in your equipment.

How do cybercriminals gain access to your hardware?

» When you log in to a public network: a “sniffer” on a Wi-Fi network can easily identify the sites that you visit, the login details and password that you use, and the documents and messages that you send.

» By connecting your device to an infected piece of hardware: a mobile charging device, or a USB key generously lent by the organisation you are visiting.

Best practices

» If you must be separated from your phone, remove the SIM card and battery.

» Configure your smartphone so that it locks automatically.

» When using public transport or facilities, use a screen filter if you view confidential documents to prevent people from reading or taking photos over your shoulder.

» Hotels, business centres, and cybercafés do not offer Wi-Fi connections that are secure enough to guarantee that your communications are confidential and secure. When you need to communicate securely, use your smartphone as a router and share the connection with your computer.

» If you must download business documents when travelling, ensure that you use a secure HTTPS connection and work with encrypted files.

» Consider wiping the history of your phone calls and browsing. In some countries, personal freedoms are more tightly restricted than in Europe and this information could be used against you if your equipment is seized. In other countries, your bags and hotel rooms may be searched. Don’t leave your devices in your hold baggage on flights or in your hotel room – not even in the hotel safe.

» In the case of theft or loss, ask for advice from your consulate before notifying the staff in your accommodation or the local authorities.

» Never connect any removable media offered to you. They could contain malware that could infect your device or track your activities.

» Don’t charge your mobile device using public charging stations. Only ever use your own charger.

KEEPING YOUR SYSTEM UP-TO-DATE

Why?

Operating systems (Windows, macOS, Linux, Android, and iOS) and software applications contain vulnerabilities. Every time cybercriminals discover these vulnerabilities, they rush to exploit the gaps in security they represent. In turn, software publishers gradually fix the vulnerabilities by offering updates to users.

Best practices

» Configure your software so that wherever possible.

» Accept updates offered by software publishers.

» If you have to download an update, never connect to anything other than the manufacturer’s official download site.

WATCH OUT FOR ONLINE PURCHASES

Why?

When making an online purchase from a computer or smartphone, there is a risk that the company’s bank details could be intercepted by cybercriminals, either on your computer or from the database of the vendor’s website.

What is the interest to cybercriminals?

» To withdraw money from the business’s bank account.

» To resell the information on the market for stolen data.

Best practices

» Never share the security code on the back of your bank card over the phone.

» Make sure there is a padlock in your browser address bar or at the bottom right-hand corner of your internet browser (note: this padlock is not visible in all browsers).

» Ensure that the website address starts with “https://”.

» Check the content of the website for any characteristics that might require you to be particularly vigilant, such as spelling mistakes or poor syntax.

» Where possible, ensure that an order confirmation code is sent by text message.

ANY QUESTIONS? NEED AN EXPERT OPINION?

DON’T HESITATE TO GET IN TOUCH

The Wooxo Cybersecurity Hub and its consultants are available from Monday to Friday from 9 a.m. to 12.30 p.m. and from 1.30 p.m. to 5.30 p.m.

+33 4 42 01 65 76 [email protected]

Or set up an appointment with one of our consultants directly to suit your availability:

www.wooxo.fr/Programme-Yoonited/Conseiller


515 av. de la tramontane - ZAC Athélia IV
13600 La Ciotat - FRANCE

Tel: 0811 140 160 (inter.) +33 442 016 579

Fax: 0811 481 507 Email: [email protected]

About Wooxo:

Wooxo publishes software solutions to reduce the risks of business disruption related to loss of data and increases the productivity of small and medium-sized organisations by enabling their staff to use business documents anywhere, at any time, in a secure manner. Wooxo is a member of the Global Secure Solutions Hub, AFDEL, and the EuroCloud Association, was awarded the Innovative Enterprise label in 2011, won the TIC PACA Innovation Award in 2012, was nominated for EY’s Future Enterprises award in two consecutive years, and has been listed in EY Syntec’s TOP 250 software publishers for the last three years, and in the TOP 7 market leading backup providers named by the Markess Research Institute in 2014. The company has also been a partner in the French Government’s Digital Transformation Programme since its official launch.