IT-security: Why every SME should take care

CyberForum 25.07.2017

Heartbleed, Wannacry and now Petya: the list of cyber attacks is growing. But such large-scale and global cyber attacks are only the tip of the iceberg in the debate about the security of our virtual world. Often ordinary criminals are behind these attack and all companies are equally at risk of being the target of criminal hackers.

Behind widely-known cyber attacks of the past weeks often foreign intelligence services or terrorists are suspected. The majority of the cyber attacks - which occur every day millions of times - are however committed by criminals, with the only goal of making profit. Malicious software, phishing e-mails and Ransomware threaten everyone who reads e-mails, uses cloud services, or exchanges data via a corporate network.



How to protect


„Accept the danger“: Accept that your network is infected. With this insight, your organization's awareness increases with security risks and the security of virtual space is a constant struggle.

"Make IT security a topic for the CEO": Organizational errors often hinder the handling of cyber attacks. A holistic protection can only be achieved if the topic is given top priority."Soft shell, hard core": Identify the "crown jewels" in your system. What data is particularly important for your core business? Which documents should in no case be lost? On which server are your business secrets? IT security can be compared with a medieval defensive wall: outside a moat, which can easily be surmounted, deeper inside you need stronger fortifications. The firewall often is  not an obstacle for attackers, the important systems need higher protection.

"Never ignore updates": The first step of an effective virtual protection system is the establishment of a controlled patch management. Most SMEs use standard IT solutions that regularly close security gaps with updates. However, the updates must be installed and maintained. The attacks mentioned at the outset could only spread so widely due to badly patched system. Here a structured procedure and clear responsibilities can help to secure your IT infrastructures.

"Employees are the weak point ...": Another element of a security strategy is the training of the employees. The human factor is still the greatest danger. Often the employees use too easy passwords or open attachments from untrustworthy senders. Regular trainings help to raise awareness among employees.


Let yourself be helped


Small businesses often lack the resources to take care of IT security. Without external help, companies are quickly overwhelmed. Get external expertise to detect potential hazards and close security gaps. But what is most important: Just start! Doing nothing and hoping that your company won't be the target of a hacker attack is not a strategy for the future - because in a future where even coffee machines will be networked, the likelihood is very little affected. 

Find out more at: www.diz-bw.de