In barely 10 years, corporate cybersecurity has become a major issue. Cyber threats are now everywhere, which means we have to increase our vigilance and use appropriate tools to reduce our exposure to the risk of hacking. Here is a round-up of good practice.

Multi-faceted IT intrusions

IT threats are skyrocketing. For example, in the second half of 2022 alone, global cyberprotection leader Acronis revealed that it had blocked some 21 million URLs on the various devices that it protects. That is a 10% increase on the first half of the year. Hacking targets both IT equipment and online accounts, and all companies are affected. The level of exposure varies depending on the size of the company and the sector in which it operates, and above all on how well its vulnerabilities are protected.

What form does computer system hacking take?

In the digital age, the way in which IT systems are configured can either invite or block intrusion. There is no shortage of points of entry. It could be a security flaw in the operating system (OS) of a smartphone, PC or laptop, tablet, printer or server. Or it could be a poor configuration or a particular piece of software that has been installed (such as a videoconference programme). Increasingly, the risk of intrusion also comes from fake Wi-Fi networks, or from USB keys booby-trapped with malware such as ransomware, wherever their use is still permitted. In fact, according to some industry commentators, ransomware could cost us a total of US$30 billion globally in 2023.

Where is the Achilles heel of online accounts?

Hijacking an online account is the ultimate aim of a hacker, because it grants them access to company data. Hackers achieve this either by first taking control of a device that contains login credentials for the victim's various professional and / or personal accounts, or by compromising one of the passwords in use.

To stop this from happening, discarding weak passwords and replacing them with significantly more complex ones, made up of a mix of letters, digits, special characters and uppercase / lowercase letters, is highly effective. This precaution proves its worth when a piece of hardware is lost or stolen: it makes it very difficult or even impossible for anybody to connect to it maliciously from the outside.

The critical case of emails

Email represents a weakness in any IT system. Companies use email to communicate with employees, suppliers, partners and clients. Given the wealth of information and the sheer quantity of data contained in email systems, it is no surprise that they are a favourite target of computer pirates.

Who does not receive at least one fraudulent email per day designed to extract sensitive data from them (phishing)? A real scourge! By opening such an email and clicking on a fraudulent link or downloading an infected attachment, the company or its employee runs the risk of having their identity stolen, or of downloading a virus or malicious code (ransomware) that makes it easier for their data to be stolen or their conversations and sensitive information to be hijacked.

This phenomenon can also take the form of a phone call, in which case it is referred to as vishing. Remember that no legitimate company asks people to reveal their credentials or passwords over the telephone.

A few habits to get into to protect yourself from fraudulent emails

There is a lot to watch out for when it comes to bolstering email security. First of all, look at the domain name used. Often it is not quite the same as the real one. For example: @axa-partners.com or @axapartner.com instead of @axapartners.com.

Then there is a whole series of checks to consider:

  • Preview the email: by using a preview tool, the employee can see the contents of the email without opening it. This reduces the risk of intrusion or of a misguided click.
  • Check the identity: an authenticity checking programme can be implemented to verify whether or not the email comes from a trusted source. Emails whose authenticity cannot be verified are automatically rejected.
  • Encrypt data: sensitive information shared over email should be encrypted using encryption tools. This prevents hackers from reading the data in question.
  • Back up data regularly: electronic data sent over email must be backed up somewhere safe and centralised so that it can be used in an emergency. Backing it up prevents data loss and allows it to be recovered more quickly in the event of a data breach.
  • Install an email gateway: a secure email gateway functions like a firewall and analyses incoming and outgoing emails, looking for suspicious content or threats. It blocks viruses and malicious software, filters out spam, archives email and checks its contents.
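As an added example (it is not part of the original article and is not code from AXA or any email gateway product), here is a small Python check that combines the domain-name advice above with the identity check in the list: it flags sender domains that are near-misses of a trusted domain (hyphens inserted, a letter dropped) and reads the DMARC verdict from the Authentication-Results header that receiving mail servers add (RFC 8601). The trusted-domain list, the sample messages and the action names are assumptions constructed for the demonstration.

```python
"""Sender-domain and authentication checks for incoming email.

Added example, not the page's own code. Assumes the mail system exposes the
From: header and an Authentication-Results: header written by the receiving
gateway; the sample messages below are constructed, not real mail.
"""
from email import message_from_string
from email.utils import parseaddr
import re

# Assumed list of domains the company treats as its own or as trusted partners.
TRUSTED_DOMAINS = {"axapartners.com"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(raw_message: str) -> str:
    """Return the lower-cased domain of the From: header, or '' if absent."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def classify_domain(domain: str, trusted=TRUSTED_DOMAINS) -> str:
    """'trusted', 'lookalike' (close to a trusted domain) or 'unknown'."""
    if domain in trusted:
        return "trusted"
    stripped = domain.replace("-", "").replace(".", "")
    for t in trusted:
        # Hyphen/dot games (axa-partners.com) or a one- or two-character edit
        # (axapartner.com) are the classic lookalike patterns from the article.
        if stripped == t.replace("-", "").replace(".", "") or levenshtein(domain, t) <= 2:
            return "lookalike"
    return "unknown"


def dmarc_result(raw_message: str) -> str:
    """Pull the dmarc=... result out of Authentication-Results, or 'none'."""
    msg = message_from_string(raw_message)
    for header in msg.get_all("Authentication-Results", []):
        m = re.search(r"\bdmarc=(\w+)", header)
        if m:
            return m.group(1).lower()
    return "none"


def assess(raw_message: str) -> dict:
    """Combine both checks into a verdict a gateway rule could act on."""
    domain = sender_domain(raw_message)
    kind = classify_domain(domain)
    dmarc = dmarc_result(raw_message)
    if kind == "lookalike":
        action = "reject"      # near-miss of a trusted domain: treat as spoofing
    elif kind == "trusted" and dmarc != "pass":
        action = "reject"      # claims to be us or a partner but cannot prove it
    elif kind == "trusted":
        action = "deliver"
    else:
        action = "flag"        # unknown external sender: tag it for the reader
    return {"domain": domain, "kind": kind, "dmarc": dmarc, "action": action}


# Constructed sample messages (hypothetical, for the demonstration only).
GENUINE = """From: Payroll <payroll@axapartners.com>
Authentication-Results: mx.example; spf=pass; dkim=pass; dmarc=pass header.from=axapartners.com
Subject: Payslips

body
"""
LOOKALIKE = """From: Payroll <payroll@axa-partners.com>
Authentication-Results: mx.example; dmarc=pass header.from=axa-partners.com
Subject: Please update your details

body
"""
SPOOFED = """From: Management <ceo@axapartners.com>
Authentication-Results: mx.example; spf=fail; dkim=none; dmarc=fail header.from=axapartners.com
Subject: Urgent request

body
"""

if __name__ == "__main__":
    for name, sample in (("genuine", GENUINE), ("lookalike", LOOKALIKE), ("spoofed", SPOOFED)):
        print(name, assess(sample))
```

The lookalike message passes DMARC for its own (attacker-controlled) domain, which is why the domain comparison has to run independently of the authentication result; the spoofed message uses the genuine domain but fails DMARC, which is the case the "check the identity" bullet describes. In production the trusted list would come from the gateway's configuration and the edit-distance threshold would be tuned to the length of the domains involved.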

Hackers: raising employees' awareness and empowering them

Cybercriminals will do anything to access our companies' data. Although attacks targeting company leaders, who may fall for CEO scams in particular, can be lucrative, employees are targeted more frequently, including mobile employees and remote workers. Raising employees' awareness and encouraging them to adopt the right habits and use appropriate tools reduces the company's risk of falling prey to cyberattacks.

Raising employees' awareness may involve adopting an IT charter. By defining rules and setting out examples of best practice, it provides an overview of the type of equipment available and general instructions for using it, alongside the precautions to take when using telephones and email, browsing the Internet, sharing files, and so on. To be comprehensive, it should also cover all aspects of mobility and remote working.

Training and role-play to guard against hacking

According to studies, human error plays a part in more than 95% of IT security incidents. Reducing the number of attacks therefore also involves giving employees regular, repeated training, face to face or remotely, on the fundamentals of cybersecurity and the right habits to adopt. This teaches people to recognise the methods used in cyberattacks so that they can take appropriate action to protect themselves. Training also contributes to the ongoing improvement of our companies' digital culture.

It is still important to bridge the gap between theory and practice with real-life simulations. Exposing employees, without their knowledge, to simulated attacks further raises their awareness of the very real risk of hacking and sharpens their reactions. The results of these simulations, which involve phishing emails and ransomware, can be used to assess their ability to detect intrusion attempts and to decide whether a new, better adapted training cycle needs to be run.

All of these initiatives, identifying cyber threats, preventing them and training employees about them, constitute the first line of defence for our companies. Cybercriminals are increasingly clever, so simply installing tools and securing mobile devices is no longer enough. Cybersecurity is no longer an issue for IT departments alone. It is part and parcel of everyday life for employees, service providers and clients. We all have a role to play in ensuring it.