The number of cyber attacks has increased dramatically in recent years. This trend was reinforced by the corona pandemic, which forced many employees to work from home and made companies more vulnerable to threats.
Figures speak for themselves
The numbers make this clear: in 2021, the proportion of German companies with at least one cyber attack rose from 41% to 46%. This means that almost every second company is now affected. As a result, German companies also invest the most in cybersecurity internationally - compared to 2020, the amount increased by 62%.
In a comparison of eight countries, Germany also had the highest mean total costs of a cyber attack and suffered the most expensive single attack (damage of 4,6 million euros).
Germany is “World Champion”, but this is a title that companies would like to lose again. Even if many of them are now investing heavily in appropriate measures, unfortunately there are still mainly small and medium-sized companies who underestimate the dangers.
Because even a weak point in the system can be enough for a hacker to spy out sensitive data or sabotage the process. As already mentioned, many employees switched to the home office during the pandemic and some are still working there to a greater extent.
Cyber risks from home office and remote work
As practical and flexible as these regulations are for many employees, they always pose a certain risk for cyber security, especially with family responsibilities. Because at home, the employee may work on their own PC and in their own WLAN. And not everyone is concerned about sufficient cyber security within their own four walls.
The employee may go to a coffee shop and connect to an unprotected hotspot there. The list of possible dangers could be continued, but it must be said unequivocally that the responsibility for sufficient cyber security within the company chefsache is and should not be passed on to the employees alone.
There are many ways a company can prevent cyberattacks in advance, rather than just having to clean up the shards that an attack caused after the fact. In the following you will find out how you can best protect your company.
7 tips for corporate cyber security
1. Use of a VPN
What is a VPN connection? The abbreviation stands for Virtual Private Network. At the corporate level, this means creating a tunnel between the company's resources and the people accessing them. Only employees connected to the VPN server can access these resources.
This tunnel is encrypted, so outsiders have no chance of intercepting data. VPNs are also offered for the private sector and work on a similar principle.
A VPN thus creates important basic protection for the company, as it completely shields the digital infrastructure from prying eyes.
2. Encryption of emails and files
emails to encode, especially those with attachments that contain sensitive documents, should actually be standard in companies and government agencies. Unfortunately, many employees shy away from the additional (albeit small) effort that goes with it.
Files with sensitive files on the work PC should also be encrypted and ideally located on external hard drives. This has the advantage that even if the PC is infected, hackers cannot access these files. The disadvantage, on the other hand, is that external devices can be stolen.
Full control of such measures is difficult for managers to carry out. Rather, they don't have much choice to sensitize employees to this in training courses (more on this later).
3. Password Security
Companies need to ensure that employees use complex and unique passwords for their work accounts. In addition, employees should be reminded at regular intervals to change their passwords.
A certain constraint makes sense in this context. This means that after a certain date it will no longer be possible to log in until the password has been changed.
A wise investment can be a password manager, which is also available for companies. With a so-called master password, employees gain access to this virtual vault and can access access data. The company can use defined roles to determine who can access which passwords.
4. Download updates promptly
The company must always keep operating systems and software up to date. The responsibility clearly lies with management; Updates should preferably be reloaded at night as soon as they are available.
Updates not only offer new functions for software, but above all they close known security gaps. Important: the larger the company, the more useful it can be to get an overview of the hardware and software used and to ensure that the manufacturer provides security updates as quickly as possible.
5. Special protection of important data
Not all data in a company is equally important. For example, an overview of the cafeteria menu is less important than the source code for software the company is developing.
Arrange data according to security needs and equip the most valuable data with the highest protection.
6. Regular employee training
Cyber threats are constantly changing; what is classified as an acute threat today may be old hat tomorrow. It is therefore all the more important to keep employees up to date so that they can identify possible dangers in advance and act accordingly.
7. Outside Help
If it is not possible for the company to manage cyber risks by internal staff, experts from IT companies can be hired to take care of cyber security.
They can take stock of the company's concrete threat situation and suggest and implement appropriate protective measures.
