In France, the National Agency for Information Systems Security, or ANSSI, is the national authority for information systems security and defense. At the European level, the General Data Protection Regulation (GDPR) regulates the use of data and is the reference text in the fight for data protection. In France, the CNIL (Commission Nationale de l’Informatique et des Libertés) is responsible for ensuring the protection of personal data in public and private computer files and processing.
Content security: the birth of cybersecurity
The aim is to protect the content of an organization, its citizens or a country and to prevent it from being stolen, deleted or modified. The definition of cybersecurity takes into account all the organizations that ensure the control of the data of companies and citizens. Content security is a subject dealt with by the State, but it is also a question of users keeping control of their data by respecting strict rules of use of cybersecurity. Some examples of processes to improve the security of corporate content:
- Work with the latest versions of your work tools
In other words, do your updates! This reduces the risk of cyberattacks. Indeed, hackers use security holes in obsolete applications to achieve their goals, so it is important to always work with tools and antivirus whose databases are up to date.
- Use complex passwords
The number one security flaw in companies is human error. Thus, the simplicity of passwords is an open door to cybersecurity breaches. There are still many employees who use the same passwords for all applications or use simple words (pet names, names of close people). If there is a security breach in the password in question, the entire work environment could be corrupted. Prefer random passwords created by generators and change them regularly. Do not store your passwords on paper or on your cell phone or on any other easily accessible place.
- Beware of e-mails from unknown senders
Beware of messages from outside arriving in your mailboxes. Avoid opening messages from unknown addresses.
- Do not open attachments from emails you do not know the source
Do not click on links in messages from which you are not sure of the origin and do not open attachments to messages from email addresses you do not know.
- Requests for personal information by e-mail: phishing
Beware of phishing attempts during which you receive an e-mail resembling a communication from your company (or suppliers, banks, etc.) asking you for personal information such as passwords or identifiers. No serious organization will ask you for them.
- Wi-Fi networks outside your company are not secure
In a mobile situation, using Wi-Fi in a public space or elsewhere is contrary to the company’s security policy. It is an entry point for cyber attackers, jeopardizing data security.
- Use certified tools with a very high level of security
In addition to good daily cybersecurity practices on each user workstation, it is also possible to secure content by using solutions that make security one of the cornerstones of their offerings. This is the case with Oodrive solutions. The use of certified professional solutions is necessary for your company’s data security policy.
Faced with the rise in cyber attacks, the ANSSI (French National Agency for Information Systems Security) has published a reference framework to guide companies in their choice of solutions. Given the diversity of the offer and the rise of cyber dangers, this subject has become very strategic, hence the intervention of the ANSSI to clarify the subject. This is how the Secnumcloud security visa was created, with extremely high security requirements. Providers applying for this qualification must implement physical, contractual, IT and organizational security measures. (Encryption, information security reinforcement, compliance with the PSSI or Information Systems Security Policy and many others). By choosing one of these players, of which Oodrive is a part (the first Secnumcloud certified player), companies are freed from the constraints of their content security in order to focus on their core business.
