Reading Time 5 Minutes
Created on 07.05.2019

For the sake of your business: how to go about cybersecurity

Data is like gold in the digital age. Being careless with information is risky for any company, which is why IT security is so important. What are the most common stumbling blocks? How can you spot them?

IT experts have warned us about the increasing threat to IT security. Nearly 40% of all Swiss companies fell victim to economic crime or fraud in 2018, and in roughly half of these cases, cybercrime was the culprit. This means Switzerland is way above the global average of around 31%, and so cybersecurity needs to be a top priority for Swiss companies. But what exactly should a good security concept entail?

Back when the very first PCs were installed in our homes and offices, we were still being warned: just don’t install any viruses (“malware”) by mistake when you’re surfing the web. Sadly, this is no longer the only threat out there. Indeed, quite the opposite is true. Seeing as our internet usage has drastically increased, there are quite a few cunning fraudsters out there who have got well and truly caught up in the “gold rush”, or perhaps, more aptly, the “data rush”.

What you need to know about ransomware, botnets and phishing

What sort of damage is the most commonplace today? Big tech companies see three major threats. The most common of these is what’s known as phishing. Phishing uses fake websites, fraudulent e-mails or text messages to try and access an Internet user’s personal data. In Switzerland, more than 40% of all cyber attacks are down to phishing.

Ransomware can also be damaging. Ransomware is used to infect and encrypt files (sometimes entire hard drives) so users cannot access them. Fraudsters then demand a ransom for decrypting them. The problem is, though, that there is no guarantee the fraudster will release the files upon receiving the ransom.

The third major threat to IT security is bots. When we see the word bot, the majority of us would picture a useful automated program. However, it could just as well be an automated piece of malware. If you find a malicious bot like this on your computer, it might be the case that your computer is part of a botnet. A botnet is a network of hijacked computers that are controlled using a command-and-control (C&C) server. The C&C server is the central computer that instructs the bots on what to do, e.g. collect sensitive data or send out spam.

What weak points you need to bear in mind when it comes to IT security

A lack of proper protection can result in major damage. This is why it is very important to identify the most common weak points in companies and to keep reviewing your IT security concept. 

Carelessness

The first weak point is pretty obvious: carelessness. It’s not long before an employee fails to notice that an odd e-mail from the CEO has in fact been forged, and that a fraudster is behind it, or before someone clicks on a suspicious link out of sheer curiosity. 

Unpatched systems

If a piece of software is not fully up to date on a system, then that is what we call an unpatched system. A patch is an up-to-date version of a system that often also contains security updates. This means if a person has not downloaded the latest patch, the system is lacking vital protection. If the manufacturer stops publishing patches, then the product should no longer be used.

Unprotected server systems

This is a weak point a company’s IT officer needs to keep tabs on. Any security concept requires detailed measures on how to protect server systems and data against attacks. 

What do you need to know about IT security?

Essentially, an IT security concept must be able to tackle the threats to your IT landscape. So you don’t have to reinvent the wheel, you could also use a standard such as ISO 27001 or the NIST Cyber Security Framework to guide you. It is important to carefully identify any risks to your own IT infrastructure so you can take suitable protective measures. The thing is, though, that it is impossible to generalize about what is right for you and your business. However, the following recommendations may help you protect your information more effectively.

Six tips for your security concept

One thing is clear: weak points such as carelessness are not something we can avoid entirely because, at the end of the day, we are only human. But there are measures you can effectively make part of everyday business. The following six pointers may help protect you and your company from cyber attacks more effectively.

  • Update all your software and, of course, your operating system on a regular basis.
  • Making regular backups is absolutely key so you don’t end up losing data. These backups (if they are on external hard drives) should be stored separately, and, if you are working with cloud storage, you should also encrypt the data to prevent third parties gaining unauthorized access.
  • Browser security: installing secure browsers offers additional protection from malware and the like. We recommend the PostFinance SecureBrowser for your e-finance.
  • Be proactive about spotting anything suspicious and try and boost your security: where does your IT security concept have weak points? Does your company keep getting phishing attacks, or has it already been the victim of a ransomware attack? If this is the case, you should provide your employees with training on these specific issues. 
  • Monitor systems: is there any indication of infected PCs? Has a bot managed to infiltrate your computers somewhere? 
  • Introduce two-factor authentication. In addition to a strong password, authentication also requires a second factor. This is typically a code on a hardware token that keeps changing, or a PIN that is sent as an SMS to your mobile when you log in. This second factor would make attempting to crack your password pointless.

Along with these security measures, you could also come up with guidelines for your staff. They could contain these pointers:

  • Notify the IT department immediately if you lose a computer or smartphone that has access to confidential information.
  • Fraudulent e-mails, excessive spam, ransomware, Trojan horses and so on should, as a general rule, be reported to IT immediately. It is better to be safe than sorry.
  • Outline what a strong password should look like:
      • The fact a password should be as complicated as possible is something we all know. That said, it should not be so complicated that nobody can remember it. With that in mind, it might be useful to create sentences, ensuring you only use initials and figures.
      • Use a password manager: have a password manager generate your passwords for you, and make sure it is particularly well protected.

Of course, these recommendations do not cover everything. For more information about how PostFinance is tackling security in online banking, have a look on our website.

Keep updating your security concept

Only time will tell what the future holds for IT security. One thing is crystal clear, though: malware, bots, botnets, ransomware, phishing and so on are probably just the tip of the iceberg. However, the attacks that fraudsters find the most effective are as old as humanity itself. They focus on people themselves being the weak point, and one they can exploit. And sometimes, this requires very little effort. After all, is there anything simpler than a user downloading ransomware onto their computer or opening a suspicious e-mail of their own volition? With more and more sensitive data and information finding its way online, the task at hand certainly isn’t getting any easier. This is why it is vital you protect your staff and your company really effectively – and keep it up.
