The following catalogue of measures takes the organisational and technological responsibilities within your company into account.
Measure No. 1 – Up-to-date unchangeable data backup/write-protected backup
Secures the survival of your company, in the same way as an airbag in a car
- Designate a person responsible for implementation and review
- Ensure external storage of the backup
- Automated, write-protected backup process including encryption
- If the above is not possible: disconnect the backup medium from the network and store it offline
Measure No. 2 – Comprehensive and up-to-date protection against malware
This is your first line of defence, like a safe front door
- Awareness-raising and training of employees with regard to dealing with e-mails, websites, passwords etc.
- Comprehensive, companywide malware protection for end devices, servers, cloud and e-mail services
- Restrict macro execution; install internet and spam filters
Measure No. 3 – Harden networks and remote access
Your defences for selectively preventing unauthorised access
- Training of employees and suppliers for remote access
- Use a firewall to divide your network into zones so that important business areas are segregated
- Additionally secure remote access using 2-factor authentication (e.g. SMS code)
Measure No. 4 – Keep hardware and software up to date
Your guarantee for a secure, properly functioning IT
- Designate a person who is responsible for the administration and periodic review of the licenses/updates
- According to the risk assessment, replace outdated systems and physically protect existing ones (e.g. access to the server)
- Use only current operating systems and applications
- Isolate old systems from the network
Measure No. 5 – Employees and their roles
Your self-protection with limitations to what is strictly necessary
- Use a role concept to define which rights are necessary for each employee
- Also check and restrict management access rights
- Create password rules for employees
- Link and restrict defined roles with the access rights
Measure No. 6 – Define emergency processes
Your protection in an emergency by means of a clearly defined plan instead of improvisation
- Determine the emergency organisation, define processes and inform all employees
- Regularly review roles and processes and restore data frequently
- Use independent technology to ensure documents can be accessed even in an emergency (e.g. emergency note, paper folder, cloud or mobile solution)