
Theme 3: Raising Awareness: Your Plan in Practice

You know your resources, you have analysed the enemy forces and developed your battle plan. But have you put all this into practice?

“One day I will go and live in Theory. Because, everything works well in Theory.”

To efficiently defend a castle, it was not enough to have the best strategies on paper. It was essential to train the armed personnel (archers, knights, etc.) and prepare the population for any eventuality, so that everyone would know what to do and be able to play their role accordingly. 

In short, they had to move from theory to practice to avoid everything collapsing on D-Day due to a lack of experience.

The same is true nowadays. A large number of cyber incidents are due to the human factor. You can significantly reduce the dangers you face by making yourself, as a business owner, and any employees you might have, properly aware of cyber risks.

This awareness-raising should include:

  • Your information security policy. In practical terms, what can we do or not do in the company? For example, with regard to managing access to the computer system (passwords, multifactor authentication, etc.);
  • Identification of the main cyber-attacks and the procedure to follow: malware, phishing, invoice fraud, etc.
  • Your corporate culture. A cyber incident is sometimes detected by an employee but not reported for fear of punishment. Ensure that any staff you may have feel comfortable reporting an incident!
  • Processing of personal data (GDPR). To avoid any damage to your e-reputation, as well as a potential fine from the Data Protection Authority.


Remember

  • Fortified castle in the Middle Ages:
    • Moving from theoretical plans to practice, through awareness and exercises:
      • train the army (archers, knights, etc.);
      • prepare the population for any eventuality (siege, fire, etc.);
      • etc.
  • Cybersecurity for your business:
    • Moving from theoretical plans to practice, through awareness and exercises:
      • what can/cannot be done?
      • identification of the main threats (malware, phishing, etc.) and how to respond to them;
      • corporate culture: dare to talk about them on a daily basis;
      • protection of personal data and compliance with the GDPR;
    • etc.