Guide: Secure your company's workstations
The workstation is one of the most common entry points for cyber attackers.
Without knowing it, your employees work daily on computers and connected devices that can be used by people outside your company to attack your computer system, in order to steal your sensitive data, or to sabotage your company.
In this article, you will learn about the threats to your company and to the computers used by your team, as well as the methods of securing them and the associated best practices.
Definition and importance of workstation security
Definition of the security of the workstation
Securing your company's workstations means implementing software and best practices (including ongoing user training) to limit any risk of cyberattack.
In this article we focus on the software and hardware aspects of securing the workstation, excluding external factors (fire, flood, physical theft of the computer, etc.).
Reminder on the challenges of cybersecurity in the professional context
It is important to become familiar with cybersecurity issues when approaching workstation security.
Indeed, the number of cyber attacks is exploding and so is the average cost associated with an attack.
Threats to your workstations
The two most common threats are viruses and malware.
Definition: malware
Malware is short for malicious software.
This term is generic and covers a wide variety of software used by cybercriminals, including: viruses, Trojans, worms, ransomware, spyware, scareware, etc.
Next are phishing and spear-phishing attacks.
Definition: phishing
Phishing translates into French as hameçonnage.
In this type of attack, the cyberattacker pretends to be a well-known company (a large bank, for example) or a government agency (URSSAF, tax office, etc.), reproducing its visual identity (logo and colors) as faithfully as possible and writing the same type of emails, in order to fraudulently obtain your access codes or your personal data.
In spear-phishing attacks, the fraudster uses social engineering to get even more specific personal data. The goal is to really make you feel like you or your company is the target of a legitimate email.
There are also more technical attacks, such as brute-force and denial-of-service attacks. The latter are aimed at hacking the computer, stealing or destroying data.
Finally, let's mention the natural risks:
- electrical surge,
- fire,
- overheating,
- flooding, etc.
Security measures to be put in place
To ensure the security of your employees' workstations, strong and effective measures are required 🙂
Here are our practical tips to put in place as soon as possible:
- Carry out regular updates of your operating systems and software.
- Install and use antivirus and antimalware software.
- Install firewalls and content filters.
- Work on the security policy regarding passwords and identity management.
- Train and educate users.
- Protect network access.
- Make regular backups of your data (or use a Cloud tool).
A lot of things to do! To help you out, Rzilient will take care of a large part of these tasks when you use our managed services platform.
Best practices, user side
As we saw in the previous section, users are a potentially weak link in the security of their workstations, and must therefore be made aware of this.
Here are 4 key tips to pass on to your teams:
- Create and use sufficiently complex passwords.
- Avoid opening suspicious emails and attachments.
- Strictly adhere to the company's cybersecurity policies.
- Separate the professional from the personal (it would indeed be a shame to bring a computer virus from a personal email box to your workplace!)
To support your teams and structure your approach to securing workstations, we strongly advise you to:
- Create and disseminate a formal and clear security policy (understandable to non-IT specialists),
- Regularly train your employees on security practices,
- Implement a security incident response process.
Actions to be taken on the outsourcing side
Now let's turn to the IT teams. They also have an important role to play in protecting workstations.
First of all, they must ensure that workstations are regularly monitored and analyzed. For this, IT experts use dedicated tools, in particular to analyze activity logs.
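As an added illustration of this kind of log analysis (not code from the original article or from Rzilient), the Python sketch below looks for the brute-force pattern mentioned earlier: a burst of failed logons on one workstation from one source, escalated when a successful logon follows. The CSV layout, host names, accounts and thresholds are assumptions chosen for the example; event IDs 4625 and 4624 are the Windows Security events for failed and successful logons.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, not real data: a simplified CSV export of Windows Security
# events (4625 = failed logon, 4624 = successful logon). The column layout
# timestamp,host,event_id,account,source is an assumption made for this example.
SAMPLE_LOG = """\
2024-05-06T08:15:00,WS-020,4625,a.dupont,192.0.2.10
2024-05-06T08:25:00,WS-020,4625,a.dupont,192.0.2.10
2024-05-06T08:25:30,WS-020,4624,a.dupont,192.0.2.10
2024-05-06T09:00:01,WS-014,4625,j.martin,198.51.100.23
2024-05-06T09:00:09,WS-014,4625,j.martin,198.51.100.23
2024-05-06T09:00:17,WS-014,4625,j.martin,198.51.100.23
2024-05-06T09:00:25,WS-014,4625,j.martin,198.51.100.23
2024-05-06T09:00:33,WS-014,4625,j.martin,198.51.100.23
2024-05-06T09:00:41,WS-014,4624,j.martin,198.51.100.23
"""

def parse_events(log_text):
    """Yield (timestamp, host, event_id, account, source) for each line."""
    for line in log_text.strip().splitlines():
        ts, host, event_id, account, source = line.strip().split(",")
        yield datetime.fromisoformat(ts), host, int(event_id), account, source

def detect_bruteforce(log_text, threshold=5, window_seconds=120):
    """Flag (host, source) pairs with >= threshold failed logons inside the window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # (host, source) -> timestamps of recent failures
    alerts = {}                  # (host, source) -> alert record
    for ts, host, event_id, account, source in sorted(parse_events(log_text)):
        key = (host, source)
        if event_id == 4625:
            failures = recent[key]
            failures.append(ts)
            while ts - failures[0] > window:  # drop failures older than the window
                failures.popleft()
            if len(failures) >= threshold and key not in alerts:
                alerts[key] = {"host": host, "source": source,
                               "first_failure": failures[0], "success_after_burst": None}
        elif event_id == 4624 and key in alerts:
            # A success from the same source after a burst means the alert
            # should be escalated: the guessed password may have worked.
            if alerts[key]["success_after_burst"] is None:
                alerts[key]["success_after_burst"] = account
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

With the default settings, the two mistyped passwords on WS-020 ten minutes apart are ignored, while the five failures in 32 seconds on WS-014 followed by a success are reported.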
It is also important to follow security alerts, so that you don't miss any necessary software updates.
The key words here are anticipation and automation.
Anticipation allows you not to be overwhelmed by a complicated situation (a coordinated attack, affecting both workstations and company servers, for example).
The purpose of automation is to relieve your IT experts of repetitive and uninteresting tasks (such as installing a new version of software on all the company's workstations), so that they can focus on the essentials.
It should also be noted that the use of professional computer equipment and terminals is strongly recommended.
Finally, access from outside your company must be diligently controlled, in order to limit vulnerabilities.
The Rzilient IT asset management platform does all this.
Contact us to discuss your needs in terms of securing your workstations!
Securing your workstations: a key success factor for your company
Securing your team's workstations is now more or less the same as securing your company!
It takes effort and expertise to ensure an effective security policy, but it is no longer possible to ignore this aspect of your risk management.
Mathieu Maréchal