F.A.Q

Cybersecurity

Phishing, which involves sending fake messages to staff, remains one of the most common ways hackers gain access to a company's computer systems. Attackers may ask staff to click on links in an email to install malware on their computers, or links that can direct them to fake websites requesting sensitive information (such as bank details). The president scam is a common method: criminals send phishing emails claiming to be from a senior executive of the organization and asking staff to transfer money - which then ends up in the pockets of the fraudsters.

While such messages can be sent via SMS, social media or phone, the most likely means of attack is via email.

For Ability-Secure, possible responses to these attacks include incorporating solutions to filter or block incoming phishing emails, ensuring that external emails are marked as external, stopping fraudulent messages from attackers, and supporting staff with training.

Organizations can also limit the impact of phishing attacks via a proxy server that prevents access to known malicious sites, ensuring that staff do not browse the web or check email with an administrator account, and adopting dual authentication (2FA ) on important accounts or services.

Ability-Secure cautions against the abuse of elevated privileges, which should be carefully controlled and managed. If an account with higher privileges is required for a job, staff should use a standard user account for everyday work, such as email and web browsing.

Ability-Secure promises a "minimum privilege" policy when creating staff accounts. It involves minimizing the use of privileged accounts and maintaining strong links between HR processes and IT so that these accounts do not remain active when employees with these accesses leave.

Fixing software and hardware is a tedious and time-consuming process, but ignoring patches could expose you to disastrous consequences. Much of the impact of the Wannacry attack could have been avoided if companies had ensured their software patches were up to date.

Companies should have an end-of-life plan for endpoints and software that are no longer supported and ensure that their network architecture minimizes the harm that an attack can cause - useful in the case of a zero-day attack that exploits vulnerabilities for which no defense exists.

Ability-Secure also suggests that companies use cloud-based applications where security updates can be managed by the cloud provider: "Allowing cloud providers to provision IT services can allow you to focus your limited security resources on protecting your custom applications and user endpoints, something only you can do," the agency advocates.

Any connection to your suppliers or customers could be an avenue of attack to your systems and is often an overlooked weakness. Security must be considered in all contracts and all controls must be verified and audited. Companies should also be careful to minimize the number of services exposed and the amount of information exchanged.

Passwords are an obvious access control, but not the only one, and they must be complemented by other controls to protect your business. Ability-Secure believes that companies should encourage the use of sensitive passwords and ensure that all default passwords are changed.

To avoid unrealistic demands on users, companies should only enforce password access when it is truly necessary, and only enforce regular password changes when warranted by suspected hacking.

You should also provide secure storage, so that staff can write down passwords and protect them (but not with the device itself). Staff will forget passwords, so make sure they can easily reset their own passwords themselves.

Companies should also consider implementing two-factor authentication where possible: "The 2FA configuration is the most useful solution for protecting important accounts and, where possible, should be deployed on both employee and customer accounts."

Web development

Cette question est très intéressante, et la réponse est compliquée.
En effet, un site internet très simple d’une page peut être réalisé en quelques jours seulement, d'autres un peu plus complexes en quelques semaines, tandis qu’un site E-commerce avec de multiples fonctionnalités sur mesure peut prendre plusieurs mois de développement.
Pour en savoir plus, nous vous invitons à nous contacter pour discuter de votre projet, vous pourrez alors obtenir un délai plus précis en fonction de votre besoin.

Bien entendu !

Même à distance, nous pouvons, ensemble, mener à bien votre projet.

Différents outils nous permettent de communiquer sans altérer la qualité de notre collaboration (Skype,Teamviewer, Slack)...

N’hésitez pas à nous contacter même si vous êtes situés loin de l’Ile de France.

Bien entendu, nous ne laissons jamais un client seul une fois le site livré. Nous proposons 2 formules différentes pour la maintenance de votre site post livraison.

  • Une formule sécurité qui comprend toutes les mises à jour et une veille quotidienne sur l’état de votre site.
  • Une formule orientée SEO ou nous suivons le résultat du référencement de votre site, et nous cherchons à l’améliorer à travers de multiples techniques de référencement / SEO.

Sachant qu’un site représente des frais pour une société qui le développe, nous demandons un acompte de 30% au démarrage des travaux de votre site.

Le solde de 70% est à régler à la livraison du site, une fois sa mise en ligne effectuée.

Chez Ability-Dev, les devis sont totalement gratuits et ne vous engagent absolument pas.

N’hésitez pas à nous consulter pour connaître le tarif de votre futur site internet.

Loading…
Loading the web debug toolbar…
Attempt #