The Tenor association brings together specialists in telecommunications. The President of its Security Committee, Gérard Peliks, explains how SMEs are most vulnerable to cybercrime.
Are the security needs of SMEs so different from those of large accounts?

The security problem is the same for everyone: the attacks are the same and are becoming more targeted. Hackers seek to learn about a company's business in order to then extort money. The more a company depends on the Internet for its business, the more exposed it is. However, the ways of responding and the approaches are different. In general, SMEs react more naively to cybercrime. Motivation and training are greater in large companies, where security specialists are now readily found; in SMEs they are not. In SMEs, the weak link is the user. Often, however, the least secure PC is that of the Director General, who does not like passwords. Good security starts from the top of the pyramid; otherwise, it cannot work. First, because the information on management workstations is important; second, because negligence is part of the security problem. Let us not forget that internal malice is as much a source of insecurity as external attacks. Hence the need for a commitment to user training. The consequences of a cybercriminal act can be dramatic for an SME, far more than for a large account. Take the example of a defaced Web site. For Renault or Total, it will raise a smile, and the company's image will barely be hurt. For an SME, it is the company itself that is defaced.
To what extent should one resort to a service provider?
Every company needs to become aware of which data must be secured, because not everything can be secured. SMEs have an advantage: they know where these data are. They must understand the information flows within the business, where the data are stored, and their degree of confidentiality. If the skills are not available internally, they must be sought outside. That means opening one's information system to someone else, although this is inevitable. The company must of course open its information system only to what needs to be secured, and install perimeter security with a firewall. Beyond that, no two security policies are identical. Check the skills of the external service provider by asking for its client references and its certifications. Among these, there are certifications of US origin, internationally recognized and issued in France, CISSP and CISA, which guarantee a certain level of security. Otherwise, when the hardware or software comes largely from a given supplier, it is better to use a service provider certified by that supplier. This is increasingly the case, because the appearance of all-in-one products favors a relationship with a single supplier, which is more comfortable for SMEs.
How should SMEs invest?
The ideal would be to devote approximately 8% of the IT budget to security, a rate that more and more large accounts are reaching, whereas not so long ago this percentage could not get above 2 or 3%. The difficulty that any business faces, and especially SMEs, is defining the scope of this budget. Progress is needed in this area.
How can a return on investment be justified?
When an attack occurs, it is the small business's survival that is at stake. This alone justifies the investment. But the return on investment exists. A good security policy also means training and information: users become more wary, more competent and less foolish. Moreover, it is easy to measure the return on investment in the fight against spam, which costs employees a lot of time. Eliminating spam saves time. Security is thus a profit centre.