# 1 Set complex and unique passwords
The company must impose the use of difficult passwords, consisting of at least 10 to 12 characters combining upper and lower case letters, numbers and special characters. Each service deemed essential must have a unique password, which will never be reused on other platforms. To increase your computer security, this password must also be changed periodically, and cannot be pre-recorded on a browser or a terminal free of access!
# 2 Perform regular (or automated) updates
By allowing you to patch vulnerabilities and increase your IT security, updates from software and operating system vendors need to be implemented very quickly. For that, it is necessary either to configure the patches so that they are installed automatically or to load a person internally to download them from the official sites.
# 3 Perform systematic data backups
Company data may be compromised due to terminal theft, computer failure, or incident involving premises (fire, water damage). To avoid any harmful loss, it is necessary to make backups as often as possible on mobile devices or a cloud service. Access to the most sensitive backups (data vital to the survival of the SME) will be reserved for the manager or administrator.
→ Why it’s time to take data theft seriously!
# 4 Protect WiFi access from SMB (and avoid public WiFi)
An unsecured WiFi can allow access to the corporate network. This is why we must avoid the public terminals which are very little protected, and take care to protect the private terminal reserved for the company. Improving computer security also means changing the password and the default connection key of the WiFi terminal before first use. Also, remember to activate its encryption protocol. Each terminal must also be protected by an anti-virus and a firewall during each connection to the Internet.
# 5 Redouble vigilance in mobility situations
During a business trip, employees must secure the data transported on a mobile device (which will be configured to lock automatically). Only the data necessary for the mission must be recorded on the hard disk, WiFi / Bluetooth connections must be disabled if they are not essential. To increase your computer security, also avoid connecting the device to a device belonging to a third party, or use a USB key that was offered to you.
# 6 Beware before clicking on a link
Two things to know: e-mails are one of the main entry points for hackers and the identity of a sender can be usurped. Therefore, never click on mail links or documents from unknown recipients, and be sure to start an anti-virus scan on every message received (including those from colleagues).
# 7 Check a site before paying online
When paying on the Internet, check that the website address contains the word “https” (instead of “HTTP”) indicating that the site in question is authenticated and that your bank details are correctly encrypted. Whenever possible, modify the website parameters so that a confirmation code is sent to you by SMS before validating an order.
# 8 Separate personal and professional uses
Some hackers do not hesitate to launch an attack on the addresses or the personal terminals of an employee to better infiltrate the network of the company. For this reason, it is recommended to separate private and professional uses. Ask your employees not to forward corporate emails on their personal email (and vice versa), and not to use a home appliance to host or transport the data of your SME.
# 9 Preserve the digital identity of employees
Malicious third parties can use social engineering to collect online information from your collaborators to steal their digital identity or recover their passwords, and then attack the business. It is therefore essential that they restrict themselves in their digital exchanges and that they avoid sharing too much information on social networks
# 10 Educate and write a computer charter
The company must ensure the awareness and training of its employees regarding computer security. Ideally, a computer charter will be drafted internally to specify the best practices to adopt, and the procedure to follow in case of theft or cyber attack. Communication campaigns can also be carried out periodically on the subject.