Safety and cybersecurity are often very cross-functional, so it is essential to define them.
Safety concerns several themes, namely:
protect physical assets,
protect intangible assets,
protect the company’s reputation,
protect the business activity,
participate in fraud prevention,
contribute to crisis management.
Threats to cybersecurity are many and constantly evolving, whether it is cybercrime or attempts at destabilisation or even sabotage. Cybersecurity provides:
Practices and technologies that enable each of our employees to have the information and digital tools necessary to carry out their missions securely,
Reliable protection of industrial and information systems,
Practical advice available at any time,
A cybersecurity culture designed to improve everyone’s behaviour in the face of threats in both the professional and personal spheres.
Because threats are constantly being renewed and improved by malicious sources, we are taking steps to ensure that safety and cybersecurity risks are continually taken into account to achieve one objective: “Zero surprise”. To meet this ambition and improve our performance in these areas, we have identified three fields of action to prioritise:
Identify risks to control them better,
Improve our safety/cybersecurity culture,
work on our behaviour in the face of malicious acts.
Because each of our employees is concerned by safety and cybersecurity, the challenges of which are growing: increasingly collaborative working methods, greater openness to the outside world, data dematerialization, etc.
To protect the company from malicious acts or “surprises”, we have chosen to integrate and apply a specific organisation, a reference framework and best practices related to safety and cybersecurity. These are distributed both to our employees and the companies involved.
Our approach thus involves three priority actions:
Anticipation, to reduce exposure to a potential threat. It involves rapid feedback from the field, strategic monitoring and understanding the constant shifting of threats,
Prevention, to reduce the likelihood of a threat occurring. It is based on organisational, technical and human measures,
Protection, to limit the impact of a malicious act against our teams, information and assets. It uses suitable solutions, reflexes and dedicated equipment.
While we have tools for protection and advanced detection, we also favour an integrated safety culture based on a training and coaching system for our employees. Our ambition is to accompany, raise awareness, alert and protect. For cybersecurity, this is seen by:
Adapting the training to different audiences according to their missions, changing threats and other attack strategies,
Support - through a “cyberaware” culture - for the secure use of collaborative tools (including email, through the detection of fraudulent/phishing emails) and the management of sensitive information.