An article on the important topic of cybersecurity and cybercrime was published in one of the most recent issues of the RZ-Wirtschaftszeitung. We took a close look at the question of how well our company is protected against possible hacker attacks.
One of the first questions we were asked was whether we had already been affected by cybercrime or hacker attacks. Fortunately, we can answer with a clear “no”. We are at least not aware of any attack against our company. However, this does not mean that we sit back and ignore the danger.
We are aware that the likelihood of attempted attacks on us is high. Especially in (medium-sized) industry, cybercrime is a significant risk. To counteract this danger, we have already established a number of security measures in our company.
Our ultimate goal is to keep the risk as low as possible. Therefore, we have already set up a powerful hardware firewall that monitors our network and regulates external access to the company. In addition, we use NextGen anti-virus software on all our devices, on PCs and notebooks as well as on servers. This software uses behaviour detection to protect against unknown malware and also protects against unauthorised encryption of data.
Another important step in our security concept is the use of multi-factor authentication wherever possible. In addition to the regular passwords, we generate one-time passwords via smartphone app, SMS or phone call. This additional protection is especially important for IT systems that are theoretically accessible from outside the company network or that allow external access, such as cloud services or the VPN for home offices.
In addition, third parties such as IT service providers are only given remote access to our IT systems after we have actively approved it. IT must temporarily enable the access, which is automatically disabled again after a certain period of time. This ensures that no access takes place without our knowledge.
An extended data backup concept also plays a crucial role in our security strategy. We use the latest data backup software and hardware and make regular backups that are stored in various locations throughout the company. “Offline data backup” is particularly important to us: a copy of the backup is actively separated from the company network, for example on an external USB hard drive that is swapped at least daily. In addition, we encrypt the backup files to ensure even greater protection.
To ensure that our employees have the necessary knowledge about data protection and data security, we conduct regular training sessions. We sensitise them to potential dangers and point out examples to watch out for. In case of suspicious circumstances, we inform all employees promptly and give clear instructions on how to react.
Based on our experience, we would like to give you some tips on how to protect your business from cybercrime. Data protection is the top priority. It is crucial to perform regular backups and to keep an offline backup, which makes it difficult for attackers to access and delete the data. In addition, we recommend the use of multi-factor authentication to increase the protection of your IT systems. Remember that investing in IT security can also mean long-term cost savings. Don’t skimp on your company’s security.
Finally, we would like to emphasise that protection against cybercrime is an ongoing task. We are always interested in further expanding our security measures. In the future, we plan to separate our IT networks for production IT/administration IT and office IT through additional internal hardware firewalls. In addition, we will carry out penetration tests to uncover possible vulnerabilities. Restricting the use of Microsoft cloud services and using separate admin users for different systems are also part of our considerations.