Cyberscurit: Advice from Bpifrance and Cybermalveillance to SMEs

Faced with persistent cyber attacks in France and the lack of awareness among companies on this subject, several guides have sprung up to provide information on best practices in cybersecurity. ANSSI, the National Information Systems Security Agency, published last February a guide to accessible measures for overall business protection entitled “Cybersecurity for VSEs / SMEs in 12 questions”. On May 20, it is Cybermalveillance.gouv.fr and Bpifrance’s turn to mobilize to support companies facing the growing risk of cyberattacks.

Far from being revolutionary, this guide is above all a reminder for SMEs and midcaps to fight against cybercrime risk and plan rather than suffer possible attacks.

“Do not put all your eggs in one basket”

Among the good practices there are certain basic bases consisting of “appointing a cybersecurity referent within the management committee”. This role will be to carry out the risk analysis and design an action and investment plan. The guide suggests adopting “cyber-hygiene”. Raise awareness among employees, know how to manage passwords, regularly update devices, software and anti-virus software, avoid risky behavior, or carry out regular backups. So much advice, simple and yet little applied in the business world.

Taking cyber risk into account cannot be reduced to IT solutions. “It requires a common awareness and must be reflected in the organization and human behavior”. SMEs and mid-cap companies are sorely lacking in “turnkey” solutions. In order to prevent cyber attacks, it is crucial to initiate awareness campaigns, training and appropriate diagnostics as well as to offer consulting missions. Another point is often – wrongly – a source of hesitation: the cost of solutions to counter cyber risk.

4 key measures against cyber risk

Further on, we find four major measures put forward by the guide to carry out a self-diagnosis, but also to establish a security plan or to request personalized support including financing.

– Autodiag Cybersecurity Bpifrance : Bpifrance provides you with an online self-diagnostic tool to allow you to assess your company’s level of maturity in terms of cybersecurity. Simple and educational, it will allow you to establish a diagnosis of your business and access numerous online resources. It is accessible free of charge after online registration.

– Cybersecurity Consulting Module : this module takes place over 10 days with the support of a specialist consultant. It allows you to carry out an inventory of your situation, establish a security plan for your IT systems and make your employees aware of best practices. To benefit from it, contact your account manager or the Bpifrance agency in your region.

– Cyber ​​Defense diagnosis : to protect companies in the Defense sector against digital risks, the Directorate General of Armament (DGA) and Bpifrance offer you tailor-made support, by an expert in cybersecurity, and participate in the financing of his service. It is accessible to SMEs carrying out activities related to the Defense sector and having obtained a pre-agreement from the DGA.

– Label ExpertCyber : developed by Cybermalveillance.gouv.fr, in partnership with the main professional unions in the sector (Federation EBEN, Cinov Numérique, Syntec Numérique), the French Federation of Insurance and the support of AFNOR, the ExpertCyber ​​label is intended to promote digital security professionals who have demonstrated a level of technical expertise and transparency in supporting their customers in securing their information systems and remedying their security incidents.