Six IT security tips
When staffing levels in a company are low because many employees are at home or on holiday at the same time, cybercriminals see their chance. The threat situation for SMEs is getting worse, say numerous security experts in the eco Security Study 2021.
Cybercriminals know the common and current security gaps, for example on email servers, and specifically look for systems that have not yet closed them. Around one in five companies had one or more serious security incidents last year, according to eco - Verband der Internetwirtschaft. In around 20 percent of these incidents, the cybercriminals used Trojan software to extort ransom money from companies for the release of encrypted files.
Check security of all IT systems
"If applications and data are encrypted by extortion Trojans, so-called ransomware, and even customer data is stolen, then companies suffer a severe loss of reputation. In the worst case, the situation can threaten the very existence of the company," says Markus Schaffrin, IT security expert and head of the Member Services division at eco - Verband der Internetwirtschaft. "Companies need to secure themselves to the maximum at all times and be able to react quickly if the worst comes to the worst." IT managers should regularly check the security of all IT systems, especially during the holiday season, and train and sensitize their colleagues. In concrete terms, eco - Verband der Internetwirtschaft e. V. (Association of the Internet Industry) provides six tips for this:
- Keep all systems up to date at all times. To do this, make an inventory of the software and systems in use: What is being used and where? Which systems are currently running and which have been decommissioned? Define processes for regular updates and emergency patches and practice them with your employees.
- Proactively collect information on potential vulnerabilities, such as from the BSI (Federal Office for Information Security) and CERT-Bund. Evaluate risks and classify them accordingly: which services are most important for my company, what impact do vulnerabilities have on my business?
- Plan your response to a potential crisis or emergency in advance. Nearly one in three companies (31 percent) have not yet established an emergency plan to respond appropriately. Do so as soon as possible and brief employees accordingly to limit or prevent damage to organizations, businesses or individuals.
- Regularly raise awareness among your staff about the cyber dangers posed by phishing attacks, for example. Regularly educate your employees and build up the corresponding competencies so that your colleagues react correctly in case of doubt. With regular training courses, you keep this security awareness and the awareness of cyber dangers high in the corporate culture.
- Use strong passwords according to the recommendation of the BSI: choose password lengths of at least eight characters, and use upper and lower case letters as well as special characters and numbers. Passwords should not be written down, but only stored encrypted on the computer. Tip: Mnemonic devices can help you to remember cryptic passwords.
- Make regular backups. They protect you and your company from data loss, for example in case of ransomware incidents and hardware damage. Apps for computers, tablets and smartphones make backup possible for everyone in a short time, for example via cloud solutions or external device storage. Backing up your computer and mobile devices should become an indispensable ritual, just like brushing your teeth every day.
Source: eco - Internet Industry Association