IT security: people, backups and authorities

1 Employees

Make sure that your employees can take care of the security status. Is the operating system supplied with all updates? Are backups being restored for testing? If these questions cannot be answered, it makes little sense to purchase new tools. After all, a tool that is not maintained is useless or even dangerous because it falsely suggests security. You need people who have the time, expertise and passion for information security. Only when your team is in place can you really get started.

2 Backup

A backup does not automatically make you worry free. There are unreadable backups, software that takes forever to restore, or long waiting times when the infrastructure has to be rebuilt after an attack. By the way, offline backups are far from being obsolete. Storing data on a mobile data medium in a safe can be a lifesaver if the online backup is compromised. Another important point is that backups need to be practiced. I recommend that you put backing up on your agenda four times a year. This way, important questions are already answered in case of an emergency. One more hint: Administrators should definitely work with their own user on the backup systems, protected by a strong password or, even better, by two factor authentication.

3 Logs

After the cyber attack, patient zero must be found: Where was the gateway for the attack? That's easy, but only if the relevant logs are available. If this is not the case, companies are at a loss as to how the attackers moved through the server environment. The logs of the systems that can be attacked are particularly important. The most important logs are stored in our central SIEM anyway, as soon as the go2WGSSecurity project is implemented. These are logs of the systems for protection against malware on PCs and servers, in addition firewall, e-mail and mail system as well as the proxy. Further data can be collected centrally by the NetEye system of Würth Phoenix. The logs should be kept for at least one year, which is essential for a good analysis of cyberattacks.

4 Firewall

You get the best protection when your firewall is operated by a specialized service provider. After all, security is not something you get on the side, and rarely from a network administrator who cannot keep a constant eye on the firewall. Also important is the clean maintenance of the rule set for incoming connections. That's why after the go2WGSSecurity project you are at the colleagues of ONE IT in best hands.

5 Authorities

In the event of damage, be sure to report it to the police. This is the only way the police can get an overview of the current situation. Most countries have well trained cybersecurity units that you can trust. In addition, the authorities responsible for data protection should always be brought on board. Coordinate with the central compliance organization of the Würth Group here.

6 Service provider

IT specialists, project managers and communication experts can support you in the event of a cyber attack. Unfortunately, companies sometimes take advantage of the emergency situation and charge excessive hourly rates. Therefore, conclude a contract with an IT service provider who will be on standby in case of an emergency. For the Würth Group, we have contracted a provider for 7/24 deployment. In an emergency, however, it is advantageous to be able to additionally engage a local service provider who knows your infrastructure.

7 Sensitization

Safety grows where it is continuously tested and developed. To this end, it is essential to sensitize employees to dangers. This cannot be achieved with one-off appeals. All employees must assume responsibility. Awareness can be raised through constant practice, regular testing and education. With this in mind: Stay safe!

 

"The market is flooded with supposed saviors, which obscures the focus on the essentials."
Robert Leuze, Head of Competence Center (CC) WGS, Security and System Communications.