NosakiiS Group helps SMEs to strengthen their protection measures against cyber attacks and to secure their IT systems
Cybersecurity: How to apply good practices to minimise the risks of a cyber attack?
NosakiiS Group provides SMEs in French-speaking Switzerland with the skills of its engineers to strengthen their capabilities in terms of cyber defence.
Favouring a "business practices" oriented approach, NosakiiS Group proposes a cyber defence strategy based on 3 pillars:
- Preventing: After a personalised audit of the company's organisation, NosakiiS Group establishes the preventive measures to apply in order to minimise the risks, proposes appropriate staff training and recommends the best practices to adopt in work processes.
- A secure IT infrastructure: NosakiiS Group identifies the weak points of the technical infrastructure and recommends corrective actions to remove them.
- The emergency plan: NosakiiS Group establishes the procedures necessary to restart activities after a cyber attack and ensures their implementation among the company's staff (training, practical exercises, knowledge verification).
Cybersecurity, an underestimated but necessary topic
Although for many people the digitalisation of companies is synonymous with the robotisation of industrial production, the automation of services and the digitalisation of work processes, few company managers are aware of the resulting IT risks.
Digitalisation greatly increases a company's vulnerability. Cyber attacks, system hacking, data corruption or theft are nowadays proven risks that can threaten the very existence of the company. According to the latest study by the auditing firm KPMG, 56% of companies that are victims of a cyber attack suffer a business interruption and 36% suffer financial losses.
Although 100% effective data protection is not possible, the company can minimise the risks involved by implementing a serious cyber defence policy.
The SME should start with a digital security audit and then apply good practices
With the media reporting daily on the discovery of new security flaws in the most common software and hardware (zero-day vulnerabilities), it is no longer feasible to delegate the protection of one's data to solution providers and to put blind trust in the technical infrastructure.
The company must act proactively by modifying its organisation and working methods and adopt good practices that minimise the consequences of a computer attack.
NosakiiS Group conducts a digital security audit of your organisation. The approach centres on striking a balance between security constraints, costs and the preservation of productivity. The aim is to diagnose the weak points, to identify the information to be protected and to propose solutions to reduce the company's vulnerability to cyber attacks.
Raising staff awareness of cyber security
In cybersecurity, the weakest element remains... the human being. The majority of cyber attacks (malware, viruses, espionage, phishing, ransomware, etc.) originate from inappropriate user behaviour.
It is therefore essential to organise appropriate staff training to raise awareness of the risks and drastically reduce risky behaviour, such as downloading attachments containing a virus, replying to fraudulent e-mails, using simple passwords, etc.
NosakiiS Group offers cybersecurity awareness courses adapted to each type of user: administrative staff, external service employees or management bodies.
The SME must have a contingency plan in case of a cyber attack
Faced with increasingly active cybercrime, Swiss companies are characterised by a total lack of awareness of the risks involved: more than 53% of SMEs have no contingency plan in case of cyber attacks.
As no protection is infallible, the company must take every measure needed to allow a rapid restart of its activities following a cyber attack.
This requires not only the organization of periodic data backups, but also the establishment and preventive testing of data repair and recovery procedures to be applied after an incident.
NosakiiS Group defines for your company the procedures for securing data, the emergency plans in case of disaster, and the procedures for repairing facilities and recovering data.
Data protection according to ISO 27001 and ISO 27002
ISO 27001 is the international standard established by ISO (International Organisation for Standardisation) and IEC (International Electrotechnical Commission) that defines the requirements for the implementation of an Information Security Management System (ISMS). The objective of the ISMS is to protect functions and information from loss, theft or alteration, and computer systems from intrusion and computer damage.
ISO/IEC 27001: Information technology — Security techniques — Information security management systems — Requirements
The international standard ISO 27002 established by ISO and IEC lists 114 measures, known as "best practices", to be used when setting up and maintaining an Information Security Management System (ISMS).
ISO/IEC 27002: Information technology — Security techniques — Code of practice for information security controls