Information System Security : how to do that ?

It is now obvious that one of the challenges of today's IT is security.

If your budget and/or the size of your company does not allow you an audit made by an external specialized company, you can (must !) just right now use a ressource made available to all of us by the Confederation : the web site of National center for cybersecurity, NCSC, at :

https://www.ncsc.admin.ch/

Depending on wether you are a privative user, a company or a IT specialist, you will find there, gathered in the same place, all the information tailored to your needs. On the home page, you can report a cyberincident, and consult the last "current incidents" that have been reported to NCSC, like fraudulent email and phone calls campaigns. You can also find an alphabetical list of existing cyberthreats in the tab named … "Cyberthreats".

If we focus on the section dedicated to companies (reachable from the home page or in the "Information for" tab), information are sorted in three chapters : Current topics, Incident - what next ?, Current threats.

By taking a pro-active approach, and to quickly take concrete measures, let's consult chapter named "Current topics" : for example items named "CEO fraud", "Check fraud" and "Malware after call"; it mainly consists in informing and educating company's employees.

In the midrange term, let's dive into chapter named "Current topics", and consider among others the following items :
« Information security checklist for SMEs »
« Protect your accounts »
« Handling emails securly »
« Cooperation with IT service providers »
« Home Office - Secure use of remote access ».
etc …

Finally, in the event of a proven cyberattack, one has to refer to items of chapter named « Incident - what next ? », dealing with DDoS (Distributed Denial of Service), ransomwares, hacked web sites and data leak. More particularly, the item « Cyberattack - what next? Checklist for CISOs » (CISO = Chief Information Security Officer) must have been read.

You now have everything you need to organize your thinking and take the necessary measures to reinforce or verify the security level of your Information System.

DCS can support you in this effort : an outside eye, a new eye, is always an asset.