It law – The protection of French websites against cyberattacks
Since the 7, 8 and 9 January attacks in France, many French websites have been attacked.
On Thursday, January 15, ANSSI (French Network and Information Security Agency) published guidance for website administrators to guard against this significant increase of computer hacking.
The vast majority of these attacks does not require a high level of technical expertise and exploits security weaknesses on relatively simple and vulnerable websites, in particular through website defacements, or denial of service attacks.
The ANSSI recalls that it is possible to guard against these types of attacks by applying good practices. It is particularly recommended to use complex passwords for the access to administration interfaces, and to install all the security patches. In case of defacement, the ANSSI also recommends to file a complaint and in particular to keep a copy of the compromised website. Before restoring the site to its normal state and putting it online, it is necessary to correct the identified vulnerabilities.
These good practices are detailed in the following ANSSI information sheet for website administrators: http://www.ssi.gouv.fr/IMG/pdf/Fiche_d_information_Administrateurs.pdf
The complaint can be submitted to specialised central services listed on the following page: http://cert.ssi.gouv.fr/site/CERTA2002INF002/index.html
The implementation of the ANSSI’s recommendations contained in its computer hygiene guide to IT managers (available on the website www.ssi.gouv.fr) is also strongly recommended.
Employment law – Professional training Personal training account:
Are you ready?
As from January 1st 2015, the individual right of training (i.e. Droit individuel à la formation hereafter
The “DIF”) is replaced by a new system so called the personal training account (i.e. Compte personnel deformation – hereafter the “CPF”).
What are the consequences for the employers ?
To allow employees to use their remaining hours of DIF, the employers must inform, in written, each employee, before January 31st, 2015, about the number of hours of DIF they have acquired and not yet
used, on December 31st, 2014.
What is the formalism required for this information ?
This information must be written and provided to the employee by any appropriate mean. Thus, the employers shall either insert this piece of information on the January 2015’s pay slip, or send a specific slip to the employee, on January 31st, 2015 at the latest.
Whatever the form of deliver, it is strongly recommended that the employer keep a copy of this document, to be able to prove that he has duly fulfilled his obligation.
How to treat training sessions already approved in 2014 that runs, at least for a part of it, over 2015 ?
In this event, the number of hours financed by the accredited fund collecting agency should have been
deducted in advance of the remaining hours of DIF made on December 31st, 2014.
As a consequence, theses hours should not be mentioned in the certificate provided to the employee in January 2015.
At what point the CPF will be accessible to the employees ?
As from January 5th, 2015, the employees have access to their CPF on the website www.moncompteformation.gouv.fr, on which they will have to transcribe the number of remaining hours of DIF as referred on the certificate they have been provided with by their employer.
This website will notably specify the number of hours of training of each employee and the list of the training included within the scope of the professional training.
The remaining hours DIF will not be automatically transferred on the CPF of each individual employee but the employee must publish him / her on his personal account on line.
How will be used these remaining hours of DIF until December 31st, 2020 ?
When an employee benefits from training session within the scope of his/her CPF, the remaining hours of DIF would be used uppermost. When required, it would be completed by the hours of CPF accrued, up to a maximum of 150 hours.
What are the new financial obligations for the employers ?
For the salaries paid in 2015, the company will fund the professional training through payment of a sole
contribution.
The rate of this sole contribution is based on the level of salaries and depends on the headcount of the
company.
In practice, for the contribution calculated on salaries paid in 2014, the companies will have to pay it on
March 1st, 2015 at the latest, according to former regulations. New regulations will apply as from contributions collected in 2016 based on salaries paid in 2015.
For further information or any enquiries, please contact us: contact@harlaylaw.com