Ten minutes of illegal streaming on your professional computer, and the key, months of access to the corporate network for a hacker ... This risk is very real as the French, who switched to emergency telework with containment, have taken on very bad IT habits, according to an international study * carried out at the end of April by the Israeli cybersecurity company CyberArk.
First point on the equipment: the French are only 56% of the respondents to have received a laptop, a tablet or a smartphone more secure than their devices, to work remotely. Is it the urgency of the situation and / or the lack of available equipment? This equipment rate remains far from American (87%) or even British (90%) standards.
A third uses the work PC for leisure
A short online shopping session, a game of video games or children's homework… Almost a third (29%) of respondents confessed to having diverted their professional equipment for a personal activity at home.
This practice turns out to be very French. Our German and British neighbors refuse 84%.
A harmless sharing of resources in the home, which nevertheless involves hidden dangers.
“There are already the classic risks of“ phishing ”by e-mail or theft of personal passwords, but hackers can also, from a dubious site or application, install a“ keylogger ”(a recorder of typed keys) to retrieve the professional identifiers of an employee ", alerts Jean-Christophe Vitu, Director of pre-sales and professional services at CyberArk.
They only need one access point to infiltrate a business from its own tools. And when it's not a business device that is compromised and gives them the keys to the door, other means of connection can endanger the entire corporate network.
Insecure devices as entry airlocks
85% of the employees surveyed indicated that they had remotely connected to their company's networks with… their personal devices.
Newsletter - The essentials of the newsEvery morning, the news seen by Le Parisien
Your email address is collected by Le Parisien to allow you to receive our news and commercial offers. Find out more
Between a tablet with a random security update and a computer without antivirus on an old version of Windows, cybersecurity professionals call this an "increase in the attack surface". Or the IT security director's nightmare.
A little positive: French employees go for 62% of them through a VPN (virtual private network) which limits the damage by securing their connections a little more by isolating them from the public Internet network.
"But even companies that have taken the time to install VPNs on their employees' workstations have been the target of cyberattacks" assures Jean-Christophe Vitu.
In question ? Another bad habit. 89% of respondents admit to using "their" password for all their devices and for all their accounts. 18% have only one or two to connect.
It is therefore enough for a hacker to appropriate an account on a social network or an insecure application to get hold of the magic and universal formula.
These edifying figures are to be compared with a study on ransomware attacks published in mid-May by the cybersecurity company Sophos.
More than half (52%) of French companies said they had seen a major ransomware attack in the past twelve months. In most scenarios, the attacker had retrieved the identifiers of a basic employee and had comfortably installed himself on the internal network before starting his operation.
Average cost of damage: € 420,000 and double if a ransom is paid. What torpedo an SME. This is expensive for an episode watched on the office PC.