Digital security

Cyber attacks are omnipresent, affecting organizations and individuals on a daily basis. It is essential to adopt good practices to reduce the risks.
Infographic: 90% of security breaches are due to human error; 87% of breach notifications received concern a loss of confidentiality (CNIL, 2023); 12% of ransomware victims are higher education and research (ESR) institutions (Anssi, 2024)
Key figures for digital security in ESR © Freepik/Inalco‎

Digital risk awareness kit - National assistance scheme for victims of cyber-malicious acts (3.46 MB, .pdf)

10 best practices to limit risks

1. Secure your access with strong passwords

Adopt long (at least 12 characters), complex (a combination of uppercase, lowercase, numbers and special characters) and unique passwords for every device and service, whether personal or professional. Cyber attacks often exploit weak or reused passwords. When in doubt, or as a preventive measure, change them regularly.

For enhanced security, use a password manager to generate and store secure passwords effortlessly. Also activate two-factor authentication as soon as possible.

To go further: Why and how to manage your passwords properly? / Site for checking password strength / Account hacking, what to do?

2. Protect your data: backups and recovery solutions

It's essential to make frequent backups of your devices (PCs, smartphones, tablets) and store them on external media (USB sticks, external hard drives, cloud) to guarantee their security.

In case you lose a backup medium, make sure your data is also backed up online, and use encryption tools to protect its confidentiality.

To go further: Why and how to properly manage your backups?

3. Separate your personal and professional uses

With the rise of digital technology, the line between personal and professional life is becoming increasingly blurred. So it's crucial to clearly separate your tools and services (devices, messaging, storage spaces, etc.) to limit the risks of compromise. This separation helps to protect your information on both sides and avoid incidents such as theft of sensitive data, propagation of malware or leaks of confidential information.

For further information: Learn to separate your professional and personal uses

4. Protect yourself with an effective antivirus

Antiviruses are essential for protecting your devices against viruses and a wide range of malware such as Trojans, ransomware, and spyware. Make sure you always keep your antivirus software up to date and run regular scans for potential threats.

Further information: Antivirus software

5. Don't fall into the phishing trap

This technique involves tricking you into clicking on a fraudulent link or opening an infected attachment, often with the aim of stealing your personal information, such as passwords or bank details.

If you receive an unexpected or alarming message by email, SMS or chat, be vigilant and always check its authenticity before responding. If the sender seems known and legitimate, contact them by another means to confirm the request.

To go further: What is phishing? / Phishing: detecting a malicious message

6. Beware of public or unknown WiFi networks

When you're out and about, prefer your mobile plan's connection (4G, 5G) over public WiFi networks, which are often insecure. Hackers can exploit these networks to intercept your sensitive data (passwords, banking information...). If you absolutely must use public WiFi, avoid any sensitive operations and use a VPN to secure your connection.

To go further: Use public WiFi? Here are 4 precautions to take...

7. Keep your digital tools up to date

Obsolete software or devices become prime targets for cyberattacks. Updates correct security flaws that cybercriminals could exploit to access your data, steal your credentials or take control of your devices. Download them exclusively from the publishers' official websites. Whenever possible, activate automatic updates on your devices.

To go further: Why and how to manage your updates properly?

8. Download your apps safely

To reduce the risk of malware infection, it's crucial to download your apps only from official, verified sources. Avoid unverified or dubious sites, which often offer illegal content (pirated downloads, unauthorized streaming, etc.), as they may harbor viruses, Trojans or other malware.

9. Don't leave your equipment unattended

Whether you're in the office, on the road or in a public place, it's essential to never leave your devices unlocked and unattended. Equipment left unprotected can easily be tampered with, stolen or compromised without you being aware of it.

10. Be vigilant about the personal or professional information you share

Never communicate personal or professional information on sites that you feel are insufficiently protected, especially if the words "Not secure" appear to the left of the website address. Similarly, be careful with the data you enter into generative AI tools or into software that isn't sufficiently secure. Where possible, get into the habit of watermarking your personal documents before sending them to a third party.

 

Learn more

1. Get trained

ANSSI (Agence nationale de la sécurité des systèmes d'information, the French national agency for information systems security) provides a free MOOC (Massive Open Online Course) in four modules for distance learning.

Senscyber is an awareness platform set up by the Cybermalveillance.gouv.fr team and designed for civil servants to learn and test their knowledge.

Familiarize yourself with the language of cybersecurity with the CyberDico.

2. Report

  • If you are a victim of a cyber-malicious act in a professional context: View e-mail

  • If you identify a suspicious message in your professional mailbox: View e-mail

  • If you are a victim of a cyber-malicious act on a personal level, it's important to report it to the appropriate authorities.

Here are a few addresses for reporting cyber-malicious acts:

  • Reporting a phishing site: Phishing-initiative.fr

  • Phishing tips: Info Escroqueries hotline at 0 805 805 817 (free call, available from 09:00 to 18:30, Monday to Friday)

  • Report a suspicious message: Signal-spam.fr

  • 17Cyber, an online assistance site offering rapid diagnosis of the problem encountered, personalized recommendations according to the situation, technical assistance from an IT service provider and 24/7 chat support with a gendarme or police officer when the threat requires it.

  • The PHAROS platform, which enables the reporting of illegal Internet content