
Posted 6 May 2020

“Employees are at the center of security, and they are at the same time the common denominator and the most random variable!” explains Pascaline Abdini, General Manager, Cluster Défense Sécurité.


1- Implement and update a security policy suited to business needs

CIOs and CISOs must define an information system security policy aligned with business needs so that it is actually applied within the organization. Because the cyber-attacks an organization faces keep evolving and becoming more targeted, the policy must be updated as soon as necessary to remain effective.


2- Involve senior management to support measures

The CIO/CISO duo needs a strong internal sponsor to facilitate decisions and carry the message to all levels of the organization. The duo's objective is to support senior management in creating a long-term strategy and to raise awareness of how cyber-risks evolve.


3- Provide training online and face-to-face

Security starts with informing and training IT teams, but also business teams, who need to understand why and how to behave in a cyber-responsible way.


4- Conduct stress tests to confront employees with real-world situations

There is nothing more concrete and effective than confronting employees with a “real” cyber-attack situation. Any oversight, any action that seems harmless, any individual decision can affect an entire organization. Example: an employee finds a flash drive with a “May 2020 payroll” sticker. Out of curiosity, he plugs it into his computer and, without knowing it, infects his company’s entire IS.


5- Provide secure and easy to use solutions

41% of French people use their personal equipment to process business data*. The user experience of consumer solutions, a decisive requirement for a large proportion of professional users, pushes organizations into Shadow IT. To avoid this, it is recommended to provide employees with solutions that are both user-friendly and secure, to ensure their adoption.


“We use every security incident as an opportunity to communicate and remind them of best practices. The most important risk remains human. This is the most complex point to manage. You are permanently repeating so that best practices become second nature.” Stéphane Renaud, CIO, Vivendi


* Économie Matin, 2015 – http://www.economiematin.fr/news-entreprises-le-byod-un-danger-pour-la-securite-informatique