Author name: MW Agency

Green IT for SMEs: Combining Digital Performance and Environmental Sustainability Green IT for SMEs: Combining Digital Performance and Environmental Sustainability Digital transformation has become an essential step for all companies, including small and medium-sized enterprises (SMEs). It optimizes processes, facilitates collaboration, and stimulates innovation. However, this digital boom comes with a sharp increase in energy and resource consumption, often invisible at first glance. For example, data centers are estimated to represent around 1% of global electricity consumption, equivalent to the annual consumption of several million households. In Switzerland, data centers already account for nearly 4% of national electricity consumption, as much as all the country’s trains combined. With the rapid rise of cloud computing and artificial intelligence, this digital footprint continues to grow. In this context, the Green IT approach (or sustainable IT) aims to reverse the trend: it brings together a set of practices designed to reduce the environmental footprint of digital technologies while preserving performance. In other words, the objective is to adopt eco-responsible technologies and more sustainable usage patterns in order to reconcile digital transformation with environmental sustainability. What is Green IT? Green IT (short for Green Information Technology) refers to all strategies and best practices aimed at minimizing the environmental impact of digital technologies throughout their lifecycle. This includes the eco-responsible design of hardware and software, their energy-efficient daily use, and the end-of-life management of equipment with proper recycling of electronic waste. Beyond technical solutions, Green IT involves a comprehensive organizational approach: it means rethinking digital usage and integrating digital sobriety into company practices to align digital transformation with sustainable development goals. Why does Green IT matter for SMEs? Several factors are encouraging SMEs to take a closer interest in sustainable IT practices: Rising energy costs: IT represents a growing share of electricity expenses and operational costs for SMEs. Between servers running 24/7, office equipment, and massive online data storage, the energy bill related to digital technologies is increasing rapidly. Optimizing the consumption of these systems is therefore an immediate lever to reduce costs. Pressure from customers and partners: More and more clients, consumers, and business partners expect companies to adopt sustainable practices. Committing to a Green IT approach sends a strong signal: the company reduces its carbon footprint and demonstrates environmental responsibility, thereby strengthening its brand image and competitiveness in the market. Increasing regulatory requirements: Public authorities – in Switzerland, in Europe, and elsewhere – are multiplying environmental standards and incentives for digital sobriety. For example, Switzerland encourages improvements in the energy efficiency of data centers, and the European Union is progressively imposing directives on electronic waste management and the energy consumption of devices. Adopting Green IT enables SMEs to stay ahead of regulatory compliance, avoid potential fines, and benefit from available incentives for responsible companies. Performance and innovation: Contrary to common belief, improving the environmental efficiency of IT can go hand in hand with enhanced performance. For example, rationalizing stored data or modernizing an obsolete server can accelerate applications while consuming less energy. Likewise, migrating to high-performance cloud tools can strengthen business agility while reducing its carbon footprint. Thus, digital performance and sustainability can progress together, offering SMEs a dual competitive advantage. Key Green IT practices (and their benefits) Fortunately, SMEs can deploy Green IT step by step, depending on their resources and priorities. Below are some fundamental Green IT practices and the concrete benefits they bring to small businesses: Green IT Practice Potential Benefits for SMEs Efficient IT infrastructures (cloud & virtualization) Reduce energy consumption by optimizing server and storage usage (fewer active machines, reduced cooling systems). Lower electricity bills and maintenance costs, while potentially improving application reliability and performance. Sustainable and eco-designed hardware Energy-efficient IT equipment (Energy Star certified and equivalent) consumes less electricity and lasts longer. By prioritizing modular, repairable, or refurbished equipment, companies reduce replacement costs and limit electronic waste production. Responsible e-waste management Recycling and reuse policies for end-of-life equipment reduce electronic waste and prevent pollution associated with landfill disposal. Recycling recovers valuable materials, and refurbishing used devices can generate savings or additional revenue. Sustainable digital usage Measures such as automatic sleep mode for computers, switching off equipment outside office hours, reducing paper printing, and disabling unnecessary digital services immediately decrease electricity consumption and waste. These simple actions lower recurring costs and demonstrate the company’s environmental commitment, strengthening its image among stakeholders. Awareness and green corporate culture Integrating Green IT into company culture ensures the sustainability of efforts. Training employees in digital eco-friendly practices (e.g., managing emails properly, limiting HD streaming, unplugging unused devices) and including environmental objectives in IT strategy strengthens staff engagement and coherence of actions. Challenges and opportunities of Green IT for SMEs Despite its many advantages, implementing Green IT can present specific challenges for small organizations. A lack of financial and technical resources is often cited as a barrier: investing in more energy-efficient equipment or newer software represents an immediate cost that can be difficult to bear for an SME with a tight budget. In addition, a lack of expertise in digital sustainability can leave managers feeling overwhelmed by the range of possible solutions, and resistance to changing habits within teams can slow down the green transition. These obstacles are real but can be transformed into growth and innovation opportunities. For example, improvements in energy efficiency ultimately generate substantial long-term savings, largely offsetting the initial investment. Likewise, the need to train in responsible digital practices can become an opportunity to build skills and innovate, strengthening the company’s competitiveness. By overcoming internal resistance through awareness and employee involvement, the SME develops a more agile and responsible corporate culture, fostering internal cohesion. Finally, by voluntarily adopting Green IT practices, an SME positions itself as a pioneer in its sector. It can gain a competitive advantage by responding to growing demand for environmentally friendly products and services. It will also be better prepared for future regulatory changes or fluctuations in energy costs, thereby strengthening its resilience. Practical tips to start Green IT SMEs do not need significant

Cybersecurity Switzerland 2026: anticipate NIS2, DORA and FINMA. Understand the key requirements and strengthen your company’s resilience. Cybersecurity Switzerland 2026: Are you ready for NIS2, DORA and FINMA? Cybersecurity Switzerland 2026: Are you ready for NIS2, DORA and FINMA? By 2026, regulated companies in Switzerland will have to face an unprecedented convergence of regulations in cybersecurity and operational resilience. On one side, the European regulations NIS2 and DORA impose strict standards on companies operating within the European Union. On the other, FINMA and the National Cyber Security Centre (NCSC) are strengthening local requirements. Objective of this article: help you understand the implications of these regulations, identify the risks of non-compliance, and adopt best practices to ensure the security of your information systems and the continuity of your critical activities. Why NIS2 and DORA compliance also concerns Swiss companies Even though Switzerland is not a member of the EU, it does not escape the influence of European regulations. The NIS2 Directive and the DORA Regulation apply indirectly to Swiss companies through their cross-border activities, their partners or their subsidiaries in the EU. Switzerland has chosen to align its national strategy with NIS2 through the KRITIS-G law, which will enter into force in January 2027. Likewise, Swiss ICT providers delivering services to financial entities in the EU must comply with DORA as of January 2025. DORA: What Swiss ICT providers need to know The DORA Regulation requires financial institutions and their ICT providers to implement: An ICT risk management framework Resilience testing (TLPT, BCP) Rigorous third-party supplier management Incident notifications within strict deadlines Sanctions of up to 2% of global annual turnover Even though DORA is a European regulation, it applies to Swiss providers operating for financial entities in the EU. It is therefore crucial to anticipate these obligations now. FINMA 2023/1: A new era for banking operational resilience FINMA Circular 2023/1, in force since January 2024, requires Swiss banks to implement: Strengthened operational risk governance Identification of critical functions Business continuity management (BCM) plans Rapid notification obligations in case of a cyber incident It aligns with international best practices and complements DORA requirements for Swiss financial institutions. Comparative table: NIS2 vs DORA vs FINMA – What are the differences? Requirement NIS2 (EU) DORA (EU) FINMA 2023/1 (Switzerland) Sectors concerned 18 critical sectors Financial sector + providers Banks and insurers Incident notification Max 24h Strict deadlines As soon as possible Sanctions Up to 10% of global turnover Up to 2% of global turnover Periodic penalty payments, withdrawal of authorization Governance required Yes Yes Yes Supplier management Mandatory Very detailed Requirements via Circ. 2018/3 Non-compliance risks: What you really risk Financial fines (up to 10% of turnover) Loss of contracts with European partners Damaged reputation (publication of breaches) Withdrawal of authorization by FINMA Exclusion from public tenders Increase in cyber insurance premiums Synergies and divergences between Swiss and European frameworks Synergies: Common objectives: strengthening cyber resilience Risk-based approach and reinforced governance Compatibility between technical requirements (ISO 27001, NCSC ICT Minimum Standard) Divergences: Different definitions of critical functions Varying notification deadlines Stricter contractual requirements under DORA 6 best practices to anticipate 2026 without stress Conduct a NIS2 / DORA / FINMA compliance audit Implement a cybersecurity framework based on ISO 27001 Integrate regulatory requirements into supplier contracts Train teams on incident management Involve the Board of Directors in the cyber strategy Use the NCSC ICT Standard as a technical baseline Turning compliance into a competitive advantage The convergence of NIS2, DORA and FINMA regulations is not just a regulatory challenge. It is a strategic opportunity for Swiss companies to: Strengthen their cybersecurity posture Earn the trust of clients and partners Position themselves as a reliable player in the European market Reduce operational and legal risks By anticipating now, you turn compliance into a growth lever.

Discover why SMS codes are no longer sufficient for MFA and which modern, secure, and phishing-resistant authentication solutions to adopt in Switzerland. MFA Security: Why SMS Codes Are No Longer Enough in 2026 (and What to Adopt in Switzerland)  For many years, enabling multi-factor authentication (MFA) has been a cornerstone of account and device security. MFA remains essential, but the threat landscape has evolved, making some traditional methods less effective. The most common form of MFA – four- or six-digit codes sent via SMS – is convenient and familiar, and certainly an improvement over passwords alone. However, SMS relies on aging technology, and cybercriminals now have reliable techniques to bypass it. For organizations handling sensitive data, SMS-based MFA is no longer sufficient. It is time to adopt modern, phishing-resistant MFA to stay ahead of current attacks. SMS was never designed as a secure authentication channel. Its dependence on mobile networks exposes it to significant vulnerabilities, particularly within telecom protocols such as Signaling System No. 7 (SS7), which is used for communication between networks. Attackers know that many companies still rely on SMS for MFA, making it an attractive target. For example, SS7 vulnerabilities can be exploited to intercept SMS messages without even accessing your phone. Eavesdropping, message redirection, or injection can occur directly within the operator’s network or during transmission. SMS codes are also vulnerable to phishing. If a user enters their username, password, and SMS code on a fraudulent website, attackers can capture all three elements in real time and immediately access the legitimate account.  Understanding SIM Swapping Attacks One of the most serious threats associated with SMS is SIM swapping. In this type of attack, a criminal contacts your mobile carrier while impersonating you and claims to have lost their phone. They then request that your number be transferred to a new SIM card in their possession. If successful, your phone loses service while the attacker receives all your calls and SMS messages, including MFA codes for your banking or email services. Even without knowing your password, they can reset your credentials and take full control of your accounts. This type of attack does not require advanced technical skills. It primarily relies on social engineering targeting carrier customer support, making it simple yet potentially devastating. Why Phishing-Resistant MFA Is Becoming the New Standard To counter these threats, it is essential to minimize human intervention by adopting phishing-resistant MFA. This approach relies on cryptographic protocols that bind each login attempt to a specific domain. One of the most widely adopted standards is FIDO2, which uses cryptographic keys tied to both a device and a domain. Even if a user clicks on a phishing link, the authentication application will not release credentials if the domain does not match. This technology is also passwordless, eliminating the risk of phishing-based theft of passwords or one-time passcodes (OTPs). Attackers are forced to target the device itself, which is far more difficult than deceiving a user. Using Hardware Security Keys Hardware security keys are among the most robust phishing-resistant solutions available. These are small physical devices, similar to a USB key, that are inserted into a computer or tapped against a smartphone. To log in, the user simply inserts or taps the key, which then performs a cryptographic verification with the service. This approach is extremely secure because there is no code to enter, and attackers cannot steal the key remotely. They would need to physically obtain it, which is significantly more difficult. Authenticator Apps and Push Notifications If physical keys are not feasible, authenticator apps such as Microsoft Authenticator or Google Authenticator are a clear improvement over SMS. Codes are generated locally on the device, eliminating the risks associated with SIM swapping or SMS interception. Push notifications do carry some risk. Attackers can send multiple approval requests, leading to MFA fatigue, where a user eventually taps “approve” simply to stop the alerts. Modern applications now integrate number matching. The user must enter in the app the number displayed on their login screen, ensuring they are physically present at their device. Passkeys: The Future of Authentication As passwords are regularly compromised, modern systems are adopting passkeys – credentials stored on the device and protected by biometrics such as fingerprint or facial recognition. Passkeys are phishing-resistant and can be synchronized through services like iCloud Keychain or Google Password Manager. They offer the security of a hardware key with the convenience of a device the user already owns. They also reduce the burden on IT teams, as there are no passwords to store or reset. Finding the Balance Between Security and User Experience Moving away from SMS-based MFA requires a cultural shift. Because users are accustomed to the simplicity of SMS, introducing hardware keys or authenticator apps may initially meet resistance. It is crucial to explain the reasons for the change, particularly the risks of SIM swapping and the value of the data being protected. When users understand the stakes, they are more likely to embrace stronger measures. A phased rollout can help for general internal users, but phishing-resistant MFA should be mandatory for privileged accounts – administrators, executives, and leadership. The Cost of Inaction Continuing to rely on outdated MFA methods creates a false sense of security. Even if such methods satisfy certain compliance requirements, they leave systems exposed to costly attacks and breaches, both financially and reputationally. Modernizing authentication methods offers one of the strongest returns on investment in cybersecurity. The cost of hardware keys or identity management solutions remains modest compared to the expenses associated with a security incident, incident response, or data recovery. Is Your Company Ready to Move Beyond Passwords and SMS Codes? We specialize in deploying modern identity solutions that are secure and easy to use. Contact us to implement a robust authentication strategy tailored to your organization.

Strengthen your cloud security in 15 minutes a day. Discover best practices to prevent vulnerabilities and protect your data in Switzerland. Moving to the Cloud…  Migrating to the cloud offers great flexibility and speed, but it also brings new responsibilities for your team. Cloud security is not something you configure once and forget: small mistakes can quickly turn into serious vulnerabilities if they are ignored. You do not need to spend hours on it every day. In most cases, a short, regular check is enough to spot issues before they escalate. Establishing a routine is the most effective way to protect yourself against cyberthreats and to maintain an organized and secure environment. Think of daily cloud security checks like a morning hygiene routine for your infrastructure. Fifteen minutes a day can prevent major incidents. A proactive approach is essential to ensure business continuity and should include the following best practices: 1. Review access and identity logsThe first step is to check who has logged in and confirm that all access attempts are legitimate. Identify logins from unusual locations or at odd hours: these are often the first signs of a compromised account. Also pay close attention to failed login attempts. A sudden increase may indicate a brute-force or dictionary attack. Quickly investigate these anomalies to prevent an intruder from moving further into your environment. Finally, proper identity management requires strict monitoring of user accounts. Make sure former employees no longer have access and immediately disable any account that should no longer exist. Keeping a clean user list is a fundamental pillar of security. 2. Check storage permissionsData leaks often result from the accidental exposure of a folder or file. Misconfigured permissions can make an item public with a single click. Review your buckets or storage spaces daily and ensure that private data remains private. Look for any container configured with “public” access. If a file does not need to be publicly visible, lock it down. This simple check prevents sensitive data leaks and protects both your reputation and legal compliance. Misconfigurations remain one of the leading causes of breaches. Even though cloud providers offer automated detection tools, a manual review by your cloud administrators is recommended to maintain a clear view of your environment. 3. Monitor unusual usage spikesSudden changes in consumption can reveal a security incident. A compromised server may be used for cryptocurrency mining or integrated into a botnet attacking other systems. Common indicators include a CPU running at 100% or an unexpected increase in cloud costs. Check your cloud dashboard daily to spot abnormal resource spikes and compare the day’s data with your usual baseline. If something looks suspicious, inspect the affected machine or container and trace the root cause: this can prevent a much larger issue. Resource spikes may also indicate a DDoS attack. Identifying them quickly allows you to mitigate traffic and keep your services online. 4. Review security alerts and notificationsYour cloud provider likely sends security alerts, but they are often ignored or end up in spam. Make it a habit to review them daily: they sometimes contain critical information. These notifications may flag outdated systems or unencrypted databases. Addressing them quickly significantly reduces the risk of leaks. Integrate the following checks into your daily routine: Review priority alerts from the cloud security center Check for any new compliance violations Ensure backups completed successfully Confirm that antivirus definitions are up to date on servers Responding to alerts strengthens your security posture and demonstrates due diligence in protecting company assets. 5. Verify backup integrityBackups are your safety net, but only if they are complete and usable. Every morning, check the status of overnight backups. If a job failed, rerun it immediately. Losing a day of data can be costly; maintaining reliable backups is essential to business resilience. It is also recommended to regularly test restores to ensure everything works as expected. Knowing your data is secure allows you to focus on the rest, without fearing the impact of ransomware or other attacks. 6. Keep software up to dateCloud servers require updates just like physical servers. Your daily check should include verifying the status of your patch management system. Unpatched servers are prime targets. With new vulnerabilities discovered every day, reducing the exposure window is critical. Apply patches as soon as they are available, especially critical ones, without waiting for the next maintenance window. This responsiveness prevents many incidents. Building a security routineSecurity does not require heroic daily efforts. It requires consistency, discipline, and a solid routine. A daily 15-minute cloud check is a small investment with a high return, as it protects your data and ensures the smooth operation of your systems. By adopting this proactive approach, you significantly reduce risks, strengthen trust in your IT operations, and simplify the management of your cloud environment. Need help setting up an effective routine? Our managed cloud services monitor your infrastructure 24/7 so you can focus on your core business. Contact us to protect your cloud environment.

Optimize your Microsoft 365 Copilot licenses. Reduce costs, analyze actual usage, and avoid software waste with a comprehensive audit.   Artificial intelligence (AI) is transforming the business world Artificial intelligence (AI) has become firmly established in companies, pushing organizations of all sizes to adopt new tools to gain efficiency and strengthen their competitive advantage. Among these technologies, Microsoft 365 Copilot stands out thanks to its seamless integration into the Office 365 environment, already well known to users. In the rush to adopt new solutions, many companies purchase licenses for their entire workforce without proper analysis. This approach often leads to the phenomenon known as “shelfware”, meaning AI tools that go unused while the company continues to pay for them. Given the high cost of these solutions, it is essential to invest thoughtfully to achieve a real return on investment. Because you can only improve what you measure, a Microsoft 365 Copilot audit becomes essential to assess and quantify adoption rates. An in-depth review makes it possible to see who is actually using the technology and who benefits from it. It also helps make better licensing decisions, reducing costs while improving overall efficiency. The reality of waste linked to AI licenses Buying licenses in bulk may seem convenient, as it simplifies the work of the IT department. However, this strategy often ignores real user behavior: not everyone needs Copilot’s advanced features. Waste occurs when licenses remain inactive. For example: a receptionist is unlikely to need advanced data analysis; a field technician may never open the desktop application. Paying for unused licenses weighs on the budget. Identifying and correcting these gaps is essential to protect company finances. The savings achieved can then be reinvested in more strategic projects. Analyzing user activity reports Fortunately, Microsoft provides built-in tools to analyze actual Copilot usage. The Microsoft 365 Admin Center is the best place to start. It allows you to generate reports over defined periods and obtain a clear view of engagement. You can track indicators such as: enabled users active users adoption rate usage trends This data makes it possible to identify employees who have never used Copilot or whose minimal usage does not justify a dedicated license. This visibility enables fact-based decisions—and opens a constructive dialogue with department managers to understand why certain teams are not using the tool. Strategies to optimize the IT budget Once waste has been identified, it’s time to act. First actions to consider: reclaim unused licenses and reassign them where they are truly needed; implement a formal license request process: only users who can justify their need receive Copilot. IT budget optimization is never a one-off exercise: it requires ongoing monitoring. Reviewing these metrics monthly or quarterly helps maintain control over software spending. Driving adoption through training A low usage rate does not necessarily mean a lack of interest. Some people simply do not need the tool. Others avoid it due to insufficient training, which leads to frustration and poor adoption. That is why reducing licenses alone is not enough: the company must also invest in training. Recommended steps: organize lunch & learn sessions to present key features; share testimonials from internal power users; create a library of short, practical tip videos; appoint Copilot Champions in each department. When an employee understands the value of the tool and knows how to use it, adoption increases naturally—turning an underused license into a real productivity asset. Implementing a governance policy Another way to reduce waste is to establish a governance policy for AI tools. This clarifies: who is entitled to a license; which roles receive one automatically; which cases require manager approval; how often licenses are reviewed. Clear governance avoids the “everyone gets one” approach that leads to waste. It also improves transparency and encourages a culture of accountability in the use of IT resources. Preparing properly before the renewal period The worst time to review your license usage?The day before renewal. Plan your audits at least 90 days in advance. This gives you time to adjust the contract and reduce or optimize the number of licenses. This preparation also strengthens your position when negotiating with vendors: by bringing concrete data, you can align your contract with real needs and avoid another year of unnecessary expenses. Smart management makes all the difference Modern software management requires vigilance and data. With the widespread adoption of subscription models, letting licenses accumulate without oversight is no longer an option. Regular Microsoft 365 Copilot audits protect your budget and ensure effective usage by aligning purchases with actual use. Take control today.Analyze the numbers, ask the right questions, and make sure every franc invested truly contributes to your company’s growth. Ready to optimize your AI tool spending? Our team supports you with comprehensive Microsoft 365 Copilot audits to eliminate waste and take control of your IT budget. Contact us now to schedule your consultation.

Secure remote working on public networks. VPN, data protection, physical security: discover best practices for working securely in Switzerland. The modern workplace goes far beyond traditional cubicles and open spaces Since remote work became widespread during the COVID and post-COVID period, employees now work from their homes, libraries, busy cafés, or even from their vacation destinations. These environments—often referred to as “third places”—offer flexibility and comfort, but they also introduce new risks for corporate IT systems. With remote work becoming a lasting reality, organizations must adapt their security policies. A café cannot be considered a secure office: its open environment exposes employees to very different threats. Teams need clear guidelines to work safely and protect sensitive data. Neglecting security on public Wi-Fi networks can have serious consequences, as these locations are prime targets for cybercriminals seeking to exploit remote workers. Provide your teams with the right tools, best practices, and a solid policy to protect your data—even outside the corporate network. The dangers of open networks Free internet access attracts many remote workers to cafés, shopping centers, libraries, and coworking spaces. However, these networks are rarely encrypted or properly secured. Even when a password is required, it is often widely shared, which significantly reduces the level of protection. As a result, it becomes easy for attackers to intercept traffic and retrieve passwords, emails, or documents in just a few seconds. Some attacks also rely on fraudulent networks deliberately named “Free Wi-Fi” or using the name of a nearby business. Once connected, the attacker controlling the network can see all transmitted data—a classic man-in-the-middle attack scenario. It is therefore essential to remind employees that they should never trust a public network. Caution must remain the rule, even when the network is “protected” by a password. Making VPN usage mandatory The most effective tool for securing remote work is a VPN. A Virtual Private Network encrypts all data leaving the computer, creating a secure tunnel through the internet—even on an untrusted public network. The information then becomes unreadable to anyone attempting to intercept it. The VPN should be provided by the company, and its use should be mandatory whenever employees connect outside the office. To ensure adoption, choose a tool that is simple, fast, and automated. When possible, configure the VPN to connect automatically, without user intervention. Finally, implement technical controls that prevent access to internal resources unless the VPN is active. The risk of visual hacking Cyber threats are not the only risks to consider. In public spaces, someone sitting nearby can easily glance at a screen. Visual hacking involves stealing information simply by looking over someone’s shoulder—a discreet, highly effective method that is almost impossible to detect. In crowded environments, sensitive data—customer information, financial tables, internal projects—can be seen or even photographed without the employee’s knowledge. To reduce this risk, provide privacy screens. These filters make the screen unreadable from the side. Some devices even include built-in hardware privacy systems that limit visibility based on viewing angle. Physically securing devices Leaving a computer unattended is a costly mistake. In a secure office, stepping away for a few minutes is common. In a café, it can lead to device theft in seconds. Your remote work policy must clearly emphasize the importance of physical device security. Employees should: keep their computer with them at all times; never entrust it to a stranger; remain vigilant and assess their surroundings. Also encourage the use of security cables, especially in coworking spaces. While not foolproof, they provide an additional deterrent. Managing sensitive calls and conversations Cafés may be noisy, but conversations are often still audible. Discussing confidential matters in public is risky—you never know who is nearby. A competitor, a fraudster, or a curious bystander could overhear sensitive information. Recommend that teams avoid confidential conversations in third places. If a call is unavoidable, it is better to isolate oneself, step outside, or move to a private space such as a car. Headphones only protect what the employee hears—not what they say. Developing a clear remote work policy Employees should never have to guess the rules. A written policy clearly defines expectations, standards, and procedures. Include dedicated sections on: public networks and their use; physical security measures; best practices for data protection. Explain the reasoning behind each rule to encourage compliance. The policy should also be easily accessible, for example via the intranet. Review this document once a year. Technology evolves quickly, and your policy must evolve with it. Empowering your teams to work securely Working from a third place offers flexibility and motivation, but it requires increased vigilance. Security on public networks and physical protection of devices are non-negotiable. With the right tools, clear guidelines, and a solid policy, you can reduce risks while benefiting from remote work. Well-informed employees become your first line of defense—wherever they are. Is your team working remotely without real protection? We help companies strengthen the security of remote access and develop tailored policies so your data remains private—even on a public network. Contact us today to secure your remote work.

Secure guest Wi-Fi: adopt Zero Trust in French-speaking Switzerland The fundamental principle of Zero Trust: never trust, always verify No device or user should be granted automatic trust simply because they are connected to your guest network. Below are the key steps to creating a secure and professional guest Wi-Fi environment. The business benefits of a Zero Trust guest Wi-Fi Implementing a Zero Trust–based guest network is not just a technical necessity—it’s a strategic decision that delivers financial and reputational benefits. By moving away from the risky shared-password model, you significantly reduce the likelihood of costly incidents for your business in French-speaking Switzerland and beyond. A compromised guest device could otherwise act as a gateway for attacks, leading to service disruptions, data breaches, or regulatory fines. Conversely, proactive measures such as isolation, verification, and strict policy enforcement are an investment in business continuity and peace of mind. Real-world example: the well-known Marriott data breach, where attackers exploited a third-party access point to compromise millions of personal records. While not strictly a Wi-Fi incident, it illustrates the financial and reputational consequences of a network vulnerability. A Zero Trust guest network that strictly isolates guest traffic from internal systems would have prevented this type of lateral movement. Building a fully isolated guest network For SMEs in French-speaking Switzerland, we recommend complete network separation as the first step. Your guest network should never mix with internal traffic. How to do it: Create a dedicated VLAN for guests with a separate IP range. Configure your firewall to block all communication between the guest VLAN and the main VLAN. Guests should only have access to the Internet. This strategic isolation prevents any infected device from spreading to your servers or sensitive data. Deploying a professional captive portal Forget the static password. Replace it with a secure, customized captive portal (like those used in hotels or conferences). Possible options: A unique code generated by reception, expiring after 8 or 24 hours. A form requesting name and email address to trace connections. One-time password (OTP) authentication sent via SMS. These methods enforce the “never trust” principle by turning an anonymous connection into an identified session. Strengthening security with NAC (Network Access Control) A captive portal is a good start, but for optimal security, add a NAC solution. NAC acts like a digital bouncer, verifying the identity and compliance of each device before granting access. Examples of checks: Firewall enabled on the device. Latest security updates installed. If a device fails these checks, NAC can redirect it to a restricted zone with instructions or block the connection entirely. Limiting session duration and bandwidth Zero Trust is not only about access, but also about duration and usage. Enforce timeouts (e.g., reauthentication every 12 hours). Limit bandwidth to prevent 4K streaming or massive downloads. These measures reduce exposure without disrupting essential needs such as email and web browsing. Creating a secure and welcoming experience Zero Trust guest Wi-Fi is no longer reserved for large enterprises—it is a fundamental requirement for all organizations, including SMEs in French-speaking Switzerland. By adopting a layered approach—segmentation, verification, continuous enforcement—you eliminate a commonly overlooked entry point while delivering a professional service to your visitors. Need secure guest Wi-Fi without complexity? Contact AWSMTECH (Switzerland) LTD today. We help companies in French-speaking Switzerland and across the country implement these best practices easily, ensuring your peace of mind and the security of your guests.