Your questions about managed IT
services for SMEs

In 2025, the average cost of a cyberattack on a French SME reaches €466,000 according to the Court of Auditors and ANSSI. This figure includes business downtime (27 days on average), technical remediation, GDPR penalties and customer loss. 60% of SMEs that suffer a major cyberattack cease operations within 18 months.

Yes, and increasingly so. 43% of cyberattacks target SMEs (ANSSI 2024). Hackers target them precisely because they are less protected than large corporations, yet hold exploitable data (customers, accounting records, intellectual property). 144 ransomware compromises were reported to ANSSI in 2024, the majority involving organisations with fewer than 250 employees.

4 immediate actions: 1) Disconnect infected machines from the network (do not switch them off). 2) Notify your IT provider and report to the relevant cybercrime authority (cybermalveillance.gouv.fr in France). 3) Never pay the ransom — there is no guarantee of data recovery, and you are funding criminals. 4) File a police report. ANSSI recommends never negotiating directly. The best protection remains prevention: tested off-site backups and EDR on every workstation.

A traditional antivirus detects known threats using signatures (a database of viruses). An EDR (Endpoint Detection & Response) analyses suspicious behaviour in real time using artificial intelligence. It can detect an unknown ransomware, automatically isolate a compromised workstation and enable post-incident investigation. In 2025, antivirus alone is no longer sufficient against current threats.

The NIS2 directive (transposed into French law in October 2024) applies to companies with 50+ employees or €10M+ turnover in 18 sectors (healthcare, energy, transport, digital, food…). However, even if your SME is not directly in scope, your principal clients may require compliance from their subcontractors. Achieving compliance is an opportunity to structure your cybersecurity posture properly.

The 3-2-1 rule recommends keeping 3 copies of your data, on 2 different media (local disk + cloud, for example), with 1 copy stored off-site (remote datacentre). This is the minimum standard recommended by ANSSI. In 2025, the 3-2-1-1-0 rule is becoming the norm: add 1 immutable copy (unmodifiable, even by an administrator) and target 0 errors in restoration tests.

A DRP (Disaster Recovery Plan) aims to restore operations after an incident — it accepts a period of downtime (RTO, typically 4 to 24 hours). A BCP (Business Continuity Plan) maintains operations without interruption through redundancy (clustered servers, real-time replication). A BCP costs 3 to 5 times more than a DRP, but guarantees zero downtime for critical activities.

ANSSI recommends a restoration test at least once per quarter. 34% of companies never test their backups — and discover the problems when a disaster actually occurs. At ECLAUD IT, we test monthly by restoring a sample of data in an isolated environment. Every test is documented with the measured restoration time compared against the contractual RTO.

This is the primary risk if your backups are on the same network as your workstations. The solution: immutable backups stored off-site. Veeam and Acronis offer air-gapped or immutable copies that even a compromised administrator cannot delete. The rule: if your backup is accessible from any workstation on the network, it is not secure.

ECLAUD IT works with SMEs of 5 to 120 workstations across a variety of sectors: healthcare (medical practices, dentists, clinics), architecture and construction (AutoCAD, Revit, BIM), professional services (accounting and legal firms), tourism, training and non-profit organisations. Our common thread: businesses where IT is critical to operations but that do not have the means or the need for a full-time IT director.

No. Our headquarters are in Saint-Paul (Reunion Island) and we also operate in the Île-de-France region. Level 1 and 2 support is provided remotely for both zones. On-site interventions are carried out by our local technicians. Supervision and monitoring run 24/7 regardless of location.

A repair shop fixes things when they break. ECLAUD IT makes sure they do not break in the first place. As an MSP (Managed Service Provider), we continuously monitor your infrastructure, anticipate failures and manage your backups and cybersecurity. You have a single point of contact who knows your environment — not a different technician at every call-out.

A 30-minute call to understand your situation: number of workstations, servers, business software, current pain points, regulatory constraints. Then, a free audit of your infrastructure (inventory, network mapping, risk analysis). On that basis, we propose a tailored offer — no generic package. The first month is a supported transition period.

Our contracts include a reversibility clause: we guarantee the complete transfer of your data, access credentials, passwords and technical documentation. The notice period is 3 months. We manage the transition alongside the new provider to ensure service continuity. Your data belongs to you — always.