Better IT security for your business
Cybersecurity should be a key component of every business strategy today. No matter what your company makes, anyone can fall victim to a hacker attack. In this article, you’ll learn how to improve your IT security.
Digital crime: facts and figures
News services are constantly reporting that the "abstract threat in cyberspace" is higher today than in the past. "Abstract" means that although companies may be attacked or threatened, there is no concrete indication of an imminent attack. Given the much higher prevalence of criminal activity on the internet today than in the past, however, no one can afford to relax. Any company, without exception and anywhere in the world, can find themselves the victim of an attack. This could be pure sabotage, a politically motivated attack, espionage or extortion.
A total of 30,351 digital offences were reported to the Swiss Federal Statistical Office (FSO) in 2021, with most of these being white-collar cyber crimes.
A few figures
Extortion: 987 offences
Unauthorised data retrieval: 713 offences
Data corruption: 686 offences
Unauthorised access to a data processing system: 551 offences
The FSO notes that these figures must be interpreted with care, with the number of unknown crimes likely to be significantly higher. The main reason for this is that many offences are not reported. In addition, new digital crimes are constantly being invented and added to the list of offences.
Step 1: Analyse your IT vulnerabilities
Many cyber attacks do not involve clever plans, but instead take aim at targets who are not taking IT security seriously enough. A company’s IT landscape is like a network of systems and people in which data flows back and forth and is stored. This network is only as strong as its weakest element. One single "leak" can be enough for an attack.
To strengthen the network, you first need to be familiar with its every detail. Every optimisation starts with an analysis of the systems, processes and agents in the network. It is key here to classify the data and its storage locations. This analysis should be performed regularly and must be strictly confidential, as it identifies vulnerabilities and could be used to penetrate the systems.
After the analysis is complete, you should have an overview of risks and vulnerabilities and be ready to move forward based on this.
Step 2: Integrate IT security into your corporate strategy
The vulnerabilities revealed in the analysis in step 1 need to be rectified. In addition, an emergency plan should be in place for every risk scenario.
When implementing concrete security measures, it is important for IT security to be both practised as part of the company culture and considered important in the corporate strategy. Whether processing a sale or securing critical data, every employee should ask themselves whether their way of working or their behaviour could constitute a risk. Training, instructions for "best practices" and regular announcements about security issues can make an important contribution to company security.
"Low hanging fruit": do your homework about IT security
Before digging into all the considerations under steps 1 and 2, do a bit of basic homework. The following elements are part of basic IT security for every company:
Encrypt your websites with SSL certificates and secure your email correspondence with S/MIME certificates to allow encrypted data transmission. SwissSign is a Swiss CA and offers "Swiss made" certificates.
To SwissSign SSL certificates
To SwissSign email certificates
Make backups of all critical data. Besides hacking attacks, there are other risks like theft or the destruction of physical devices, for example, if there is a fire in the building or by water damage.
Install all security updates immediately. This should not be seen as an annoying obligation, but as a lucky break. You don’t have to do anything aside from installing the patches: the big manufacturers correct any security problems and keep your infrastructure up-to-date for you.
Replace "end of life" systems in good time. These become sources of risk as soon as they are no longer supported. Sometimes even earlier – it becomes more and more difficult to correct new security gaps over time.
Be conservative about granting access rights and only grant them when absolutely necessary. The more people have access to a resource, the greater the risk.
Do not allow private devices to connect to company networks, as the security status of these devices and the unknown surfing behaviour of their users represent a risk. A reasonable alternative is to set up a guest WiFi connection, preferably encrypted and with a strong password.