2021-12-17
What is a security audit?
Your phones are connected to the computer network, this same network where are connected to the Internet your computers, printers and other computer devices. This is naturally the gateway to potential attacks and fraud.
A gateway for a hacker can be malicious software on a computer, often installed illegally or via e-mail (also called « Phishing »), via your internet router or server software that is not up to date, a guest's table computer connected with a virus, your WiFi that is not secure enough, an unauthorized technician or person who is physically connected to your network (if your server room is not not crossed out for example or because your computer network is badly configured), etc ... The reasons for a hack can be multiple, hence the interest of carrying out a "Security Audit". The audit learns about the vulnerabilities of a network, your infrastructure but also human vulnerabilities that are often overlooked. It is an objective document that will help you better prepare and organize yourself in your work while making it safer.
What specific material should I protect? You don't have to target any particular device, because a hacker just needs to access your computer network. Once access has been granted, it is easy to install software which "listens" to what is happening on your network (« sniffeur »), which examines the calls, detects accesses, passwords, etc ... and can then simulate a telephone (via software) which makes it possible to make calls or to connect to a central which automates fraudulent calls. This access can also be used for many other hacks such as the increasingly popular « cryptowares » which encode your data in exchange for ransoms (« ransomware ») to (eventually) unlock your data. If your data is sensitive or strategic, it can also be copied and sold on the « Dark Web ».
Updates to your software and working platforms such as Windows should not be neglected either. They are the primary source for even less experienced hackers to exploit these unpatched vulnerabilities. New attacks appear every day, so be on the lookout for news that ring the alarm bells on potentially dangerous issues. Recently the flaw identified « Log4Shell » is doing a lot of damage. It affects all platforms using the « Java » language and Web servers using « Apache » ...
To protect you, we can provide advice free of charge, but for a more in-depth analysis, it is strongly recommended that you protect yourself from a « security audit ». This takes time and investigation to provide you with a detailed report, but above all allows you to better understand your work environment, identify the weaknesses of this environment, educate your staff to avoid fraud and ultimately, better protect your hard-earned work!
