E-mails are a gateway
Comment by Rainer Seidlitz, Head of Product Management Safety & Security, TÜV SÜD Akademie GmbH on the Day of Computer Security (30.11.2021)
The importance of cybersecurity and a secure digital ecosystem continues to grow. Networks are constantly being put to the test by attacks. While malware distributors and hackers are becoming more professional and now rent out their capabilities as a service, small and medium-sized enterprises (SMEs) in particular are lagging behind in terms of countermeasures. Although many pay more attention to securing network and cloud infrastructures against external attacks, they fail to inform their employees about the threats and countermeasures, and so miss the chance to strengthen them as a human firewall.
The most popular way to gain unauthorized access to a corporate network is and remains e-mail, as various studies show. The messages usually contain a malware-infected file as an attachment or a link to a fraudulent website that is meant to steal access credentials as part of phishing. Imitations of the online presence of mail-order companies, banks and parcel services are especially popular, and the mails are often even personalized. The hackers also no longer shy away from exploiting the possible fears of their victims: everything from supposed information about the corona pandemic to applications for urgently needed social assistance has already been abused. Anyone who does not pay attention to suspicious sender addresses or strange website URLs in such e-mails will quickly end up in the clutches of criminals.
More home office requires more responsibility
How long the crisis will occupy us cannot be determined. The home office as a way of working, however, is now anchored in society. Mobile working brings new challenges for IT security and at the same time requires the workforce to take on more responsibility for securing the network. It is not enough to simply inform employees about the threat situation. It is important to establish an awareness of IT security in the company up to the management level and to convey to employees that they are an important part of cyber defense. This requires regular exercises, such as simulations run during everyday operations while the employees are doing their usual work. As a result, they are prepared for an emergency, and the company can determine the procedures it needs to create a crisis plan.
Creating awareness for IT security
All parties involved in a company must know how threatened their company is and what role they should take on in an attack. Remote work with many devices and access points to the corporate network increases the pressure. However, since SMEs in particular often lack the specialists and resources to prepare well, it is worthwhile to involve independent external experts, who, with appropriate training and aptitude, can also be designated as an information security or data protection officer where appropriate. IT security does not only consist of hardware and software, but also of trained employees.