French governmental bodies are looking to help individuals and families develop safer practices online as part of CyberMoi/s, a Europe-wide campaign which aims to raise awareness on cyber attacks.
In France, this event is led by the Agence nationale de la sécurité des systèmes d'information (ANSSI), a governmental computer security body, and cybermalveillance.gouv.fr, a website which members of the public can use to report cyber attacks.
The annual CyberMoi/s event began before the pandemic, but cyber attacks grew significantly more common over the lockdown periods. Hospitals have seen their records hacked, company data has been leaked and individuals have had to contend with ransomware and scams.
“We noticed 2.5 million people on our website in 2021, with more than 173,000 requests for cyber attack assistance, up 180% from 2020,” said Béatrice Hervieu, public relations officer at cybermalveillance.gouv.fr.
Cybercriminality is estimated to be the third largest financial system in the world, behind China and the US, with more than €190,000 of damage done each second according to studies from Le Club des juristes, a legal think-tank.
In its latest report, the Club provided advice to the government, France’s judicial bodies, companies and European instances, some of the most sought-after targets by cyber criminals.
The most common types of cyber attack on individuals include phishing – the practice of contacting someone while posing as an employee of a reputable company in order to induce them into sharing personal information – and malware: softwares which look to damage or gain unauthorised access to a computer system.
We look at what you can do if you are the victim of a cyber attack.
What action should I take?
Individuals can first report the attack on cybermalveillance.gouv.fr, which is designed specifically to assist private individuals, collectivities and companies who are the victims of cyber attacks.
You will be asked to answer questions and describe the attack before the platform provides a diagnosis and suggests free or paid solutions depending on the crime’s scope and significance.
Secondly, individuals should file a complaint to the local gendarmerie or a nearby police department. The complaint will be filed as a ‘plainte contre X’ under French law since the attacker will – most likely – be unknown to the victim.
Reports can be filed up to six years after the attack occurred, but it should be noted that cyber attacks are best addressed immediately after they occur.
The complaint will be transferred to the Centre de lutte contre les criminalités numériques, also known as the C3N, if a judge deems the attack to be worthy of an investigation.
Companies which have experienced a cyber attack that has leaked personal customer information must inform them of the security breach.
This was the case last March, when 19 healthcare professionals had their Amelipro accounts hacked and the details of at least 510,000 people were stolen.
Cyber criminals risk up to two years in prison and a fine of €60,000, or up to seven years and a €300,000 fine if the attack involves private information held by a government body.
How to prevent an attack?
Cybermalveillance.gouv.fr has also launched a new family-oriented toolkit to help people manage cyber risks, after observing a 65% increase in reports being lodged by members of the public in 2021.
Families represent 90% of the total number of complaints.
The toolkit advises individuals to protect their systems with strong passwords and avoid using the same password for multiple websites, as criminals have developed systems that can analyse millions of password possibilities in a few minutes.
Many websites already require passwords which contain lower and upper case letters, numbers and special characters, and this is a good way of securing your accounts.
Second, individuals should store important data on several different systems, including external harddrives and Cloud servers for example.
It is also recommended to update systems as often as possible and protect machines with firewalls and antivirus software.
The website regularly warns individuals and families to be very careful of suspicious emails and text messages, as cyber criminals develop more sophisticated phishing techniques which use government logos and text formats to trick people.
The website advises to always look for the sender email address, as government websites most likely contain gouv.fr.
Similarly, if you receive a message which claims that it has obtained private images of you through your webcam and threatens to publish them online unless you pay, you should consider that the threat is likely false and simply designed to extort your bank details from you.