The following catalogue of measures takes the organisational and technological responsibilities within your company into account.

Measure No. 1 – Up-to-date unchangeable data backup/write-protected backup
Secures the survival of your company, in the same way as an airbag in a car
  • Define a person for implementation and review
  • Ensure external storage of the backup
  • Automated, write-protected backup process including encryption
  • If the above is not possible: disconnect the backup medium from the network and store it offline
Measure No. 2 – Comprehensive and up-to-date protection against malware
This is your first line of defence, like a safe front door
  • Awareness-raising and training of employees with regard to dealing with e-mails, websites, passwords etc.
  • Comprehensive, companywide malware protection for end devices, servers, cloud and e-mail services
  • Restrict macro execution; Install internet and spam filters
Measure No. 3 – Harden networks and remote access
Your defences for selectively preventing unauthorised access
  • Use a firewall to divide your network into zones so that important business areas are segregated
  • Additionally secure remote access using 2-factor authentication (e.g. SMS code)
Measure No. 4 – Keep hardware and software up to date
Your guarantee for a secure, properly functioning IT
  • Define a person who is responsible for the administration and periodic review of the licenses/updates
  • According to the risk assessment, replace outdated systems and physically protect existing ones (e.g. access to the server)
Measure No. 5 – Employees and their roles
Your self-protection with limitations to what is strictly necessary
  • Use a role concept to define which rights are necessary for each employee
  • Also check and restrict management access rights
  • Create password rules for employees
  • Link and restrict defined roles with the access rights
Measure No. 6 – Define emergency processes
Your protection in an emergency by means of a clearly defined plan instead of improvisation
  • Determine the emergency organisation, define processes and inform all employees
  • Regularly review roles and processes and restore data frequently