Webinar : Cybersecurity – the basic rules
Sep 29, 2022

During the week of the liberal professions which took place from 19 to 23 September 2022, ONE GDPR had the opportunity to host a webinar on the basic rules of cybersecurity.

Our cybersecurity expert, Jean-Pierre HEYMANS, spoke for 1 hour and 45 minutes on practical cases highlighting cybersecurity flaws among lawyers, estate agents, accountants, etc.

Indeed, many members of the liberal professions do not bother to set a “strong” password to log in to their session, to update their software, to make regular backups, to separate personal and professional uses, …

We will go through all the case studies and good practices again :

Choosing your passwords

Case study:

Quentin is a chartered accountant and regularly checks his company’s accounts on his bank’s website. For simplicity’s sake, he chooses a weak password : 123456. Unfortunately, this password was reconstructed during an attack. The company has just been hacked and has had €30,000 stolen.

Best practice :

  • Password of 12 characters ;
  • Different types of characters (numbers, capital letters, …) ;
  • Not related to you (name, …) ;
  • Not in the dictionary ;
  • Unique password for each service ;
  • Do not keep passwords on post-it notes ;
  • Do not pre-register passwords ;
  • Change your passwords every 3 months ;
  • Use a digital safe ;
  • Activate two-factor authentication (2FA) ;

Update your software regularly

Case study:

Dominique is a lawyer and does not always update her software. Without realizing it, she opens a booby-trapped attachment. A hacker now has access to her computer and spies on her.

Best practice :

  • Turn off your computer every night ;
  • Update your software very quickly ;
  • Configure your software – automatic update ;

Know your users and providers well

Case study:

Thomas is a notary and surfs the Internet with an administrator account. Without realizing it, he clicks on a link that sends him to an infected page. A malicious program has installed itself on his PC and has access to the client database.

Best practice :

  • The administrator account is reserved for the IT department ;
  • The user account is reserved for employees ;
  • Delete anonymous and generic accounts ;
  • Identify who can be an administrator ;
  • In the event of a departure, remove access ;

Make regular backups

Case study:

Sébastien is an estate agent and never backs up his PC. Without any warning, his PC crashes. Sébastien has just lost his client file created 10 years ago.

Best practice :

  • Determine what data needs to be saved ;
  • Make a copy of your backup ;
  • Disconnect your backup from your PC ;
  • Tablet, PC, mobile phone ;
  • External media (hard disk) ;
  • NAS external to the company ;
  • Cloud: target of computer attacks ;
  • Plan your backups ;
  • Test your backups ;

Protecting your data while on the move

Case study:

Martin is an estate agent working in several countries and meets a person he does not know at an airport. The “friend” wants to recharge his mobile phone from Martin’s PC, and Martin sees no problem with this. Martin suspects nothing, and his highly confidential data is exfiltrated.

Best practice :

  • Only take the necessary data with you ;
  • Have a backup of this data ;
  • Disable Wi-Fi and Bluetooth ;
  • Have your equipment analyzed after the mission ;
  • Use a screen protection filter ;
  • Use a distinctive sign on your devices (colored sticker) ;
  • Do not use pre-recorded passwords ;

Be careful when using email

Case study:

Jean is a lawyer who has been receiving bills every month for the past 3 years and pays them automatically, without paying attention. He did not realize that a letter had been changed in the email address of a message he received (instead of a single “I”, there are two: “II”). The email and attachment were fraudulent, and Jean has just made a transfer directly to a hacker.

Best practice :

  • Check all the letters in the email addresses ;
  • Don’t “forward” – copy the address ;
  • Never give out personal or confidential information ;
  • Organize awareness sessions (staff) ;
  • Use an effective and up-to-date anti-virus software ;
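
As an added example (not part of the webinar), the "check all the letters" rule can be automated: this Python code compares an incoming sender address with a list of already verified supplier addresses and flags near-misses such as the doubled "i" in Jean's case. The addresses, function names and the two-edit threshold are assumptions chosen for illustration, and the folding of look-alike characters (1/l/i, 0/o, rn/m) goes beyond the single doubled-letter case in the story.

```python
import re

# Constructed sample: supplier addresses the firm has verified out of band.
TRUSTED_SENDERS = {
    "invoices@milian-supplies.example",
    "accounts@notary-tools.example",
}

# Characters that are easy to mistake for one another in most fonts.
CONFUSABLES = str.maketrans({"1": "l", "i": "l", "0": "o"})


def skeleton(address: str) -> str:
    """Reduce an address to a form where visually similar spellings collide."""
    folded = address.strip().lower().translate(CONFUSABLES)
    folded = folded.replace("rn", "m")
    # Collapse runs of the same character, so "ii" and "i" compare equal.
    return re.sub(r"(.)\1+", r"\1", folded)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address: str, trusted=TRUSTED_SENDERS, max_edits: int = 2):
    """Return (verdict, matched trusted address or None).

    "trusted"   : exact match with a verified address
    "lookalike" : not verified, but nearly identical to a verified address
    "unknown"   : no resemblance to any verified address
    """
    candidate = address.strip().lower()
    if candidate in trusted:
        return "trusted", candidate
    for known in sorted(trusted):
        if (skeleton(candidate) == skeleton(known)
                or edit_distance(candidate, known) <= max_edits):
            return "lookalike", known
    return "unknown", None
```

A "lookalike" verdict is the case that should block an automatic payment until the supplier has been contacted through a channel other than the email itself.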

Separate personal and professional use

Case study:

Alain is a real estate agent and likes to work at home in the evening on his personal computer. Without his knowing it, his computer was hacked. By connecting from his own PC with software specific to his company, he has just brought the hacker into the professional sphere. The hacker has access to all the company’s sensitive information, which he sells to the competition.

Best practice :

  • Do not store any business data on your personal PC ;
  • Do not connect a personal USB stick to your professional PC ;
