Swiss Cyber Defence DNA
Protection against blackmailing for SMEs
Swiss Cyber Defence DNA (SCD-DNA) is a guide for your SME, designed to help you protect yourself easily and efficiently against the dangers of cybercrime and major financial losses.
The following catalogue of measures takes the organisational and technological responsibilities within your company into account.
Measure No. 1 – Up-to-date unchangeable data backup/write-protected backup
Secures the survival of your company, in the same way as an airbag in a car
Secures the survival of your company, in the same way as an airbag in a car
- Define a person for implementation and review
- Ensure external storage of the backup
- Automated, write-protected backup process including encryption
- If the above is not possible: disconnect the backup medium from the network and store it offline
Measure No. 2 – Comprehensive and up-to-date protection against malware
This is your first line of defence, like a safe front door
This is your first line of defence, like a safe front door
- Awareness-raising and training of employees with regard to dealing with e-mails, websites, passwords etc.
- Comprehensive, companywide malware protection for end devices, servers, cloud and e-mail services
- Restrict macro execution; Install internet and spam filters
Measure No. 3 – Harden networks and remote access
Your defences for selectively preventing unauthorised access
Your defences for selectively preventing unauthorised access
- Training of employees and suppliers for remote access
- Use a firewall to divide your network into zones so that important business areas are segregated
- Additionally secure remote access using 2-factor authentication (e.g. SMS code)
Measure No. 4 – Keep hardware and software up to date
Your guarantee for a secure, properly functioning IT
Your guarantee for a secure, properly functioning IT
- Define a person who is responsible for the administration and periodic review of the licenses/updates
- According to the risk assessment, replace outdated systems and physically protect existing ones (e.g. access to the server)
- Use only current operating systems and applications
- Isolate old systems from the network
Measure No. 5 – Employees and their roles
Your self-protection with limitations to what is strictly necessary
Your self-protection with limitations to what is strictly necessary
- Use a role concept to define which rights are necessary for each employee
- Also check and restrict management access rights
- Create password rules for employees
- Link and restrict defined roles with the access rights
Measure No. 6 – Define emergency processes
Your protection in an emergency by means of a clearly defined plan instead of improvisation
Your protection in an emergency by means of a clearly defined plan instead of improvisation
- Determine the emergency organisation, define processes and inform all employees
- Regularly review roles and processes and restore data frequently
- Use independent technology to ensure documents can be accessed even in an emergency (e.g. emergency note, paper folder, cloud or mobile solution)
Thomas Liechti
Initiator and CEO, MOUNT10 AG
Hello and welcome to the SCD-DNA homepage
Together with well-known partners from the industry, we have launched this initiative for you and your SME. These guidelines are intended to provide simple and independent guidance for protecting your company in the digital world. We have deliberately refrained from including the interests of the sponsoring partners in these measures, as they are intended to be for your benefit and not ours.
We all hope that we have been of help to you in doing this. If you have any questions, just contact the project manager of the sponsoring body or the executive sponsors directly. Thank you for your interest, and I hope that you enjoy uncomplicated implementation with the help of your implementation partner.
Together with well-known partners from the industry, we have launched this initiative for you and your SME. These guidelines are intended to provide simple and independent guidance for protecting your company in the digital world. We have deliberately refrained from including the interests of the sponsoring partners in these measures, as they are intended to be for your benefit and not ours.
We all hope that we have been of help to you in doing this. If you have any questions, just contact the project manager of the sponsoring body or the executive sponsors directly. Thank you for your interest, and I hope that you enjoy uncomplicated implementation with the help of your implementation partner.
