Do not neglect IT security!
Information security is an individual and collective responsibility. The rules of prudence must be known and applied systematically and rigorously, bearing in mind that hacking has become a matter of considerable financial stakes, both for hackers and for their victims.
The risks associated with information technology and computerisation are the subject of countless publications and regular reports. Is it still useful to write something about this subject? Let us say yes, given that individual practices are evolving slowly and that we can still see a lack of prudence on the part of companies and their employees. Yet the Swiss economy, by virtue of its prosperity, attracts the covetousness of many hackers. It is fair to say that Switzerland is the third most dangerous country in Europe. Added to this is the fact that hacking has now become a real industry, with criminal enterprises recruiting specialists in various fields and offering their services to other companies in return for payment.
The scale of the phenomenon is reflected in a growing political concern. The first mission of the State in this area is to protect its own systems (cyberdefence) and to safeguard cyberadministration - or rather cyberdemocracy, with the development of electronic voting, which is controversial but probably inevitable. The public authorities also need to ensure that certain aspects of legislation evolve and to provide an infrastructure that allows us to verify the identity of our interlocutors on the Internet (electronic identity). They can support the action of higher education institutions, which are developing new technical solutions and new training in the field of cyber security.
The Federal Administration provides various services to help companies assess and improve their security. The best known of these is the "MELANI" information centre, which regularly reports on the latest risks, their consequences and ways of protecting oneself. We can also mention the availability of a rapid cyber security test for SMEs, offered by the leading ICTswitzerland association with the support of the Confederation and other partners.
A (non-exhaustive) list of security measures
All businesses should make the best use of these different tools in order to strengthen their security, bearing in mind that businesses that are little known or of modest size are no safer than others: on the one hand, hackers see them as easier targets; on the other, they can serve as gateways to more important businesses. Conversely, large companies must be aware that their trainees can sometimes represent the "weak links" in their security.
From a practical point of view, it is important to list and evaluate each type of risk: loss or blockage of data, paralysis of strategic infrastructures, financial losses resulting from accidents or losses, reputational damage. The security measures to be observed are generally known: be extremely careful with e-mail received, check the identity of the sender, and check the links the messages contain, and even the attached documents; check the identity certificates of the sites you visit, especially if you need to enter information there; use two-factor authentication where possible (confirmation by mobile phone); and, in all cases, adopt passwords that are complex and different for each service, keeping pace with the evolution of technology (passwords that are currently unbreakable risk becoming ineffective with the development of quantum processors).
Current trends: connected objects and social engineering
There are still some risks that are too often ignored, such as the proliferation of connected objects: remote control devices, or even simple photocopiers. If these objects are poorly secured, they can provide easy access to a company's entire network. Another danger that needs to be dealt with is social engineering, where hackers, going beyond computer data, try to exploit human credulity, for example by passing themselves off as a boss or a manager of the company, or as a supplier. The best-secured network will be of no use if a regular employee is persuaded to make an unverified payment or to let information slip.
As a general rule, all employees must be made aware of and trained in cyber-risks and how to protect themselves. IT security is a collective task, both within a company and for the whole of the Swiss economy, and it can become a valuable competitive advantage.