Is the information in my company adequately protected against theft, manipulation and loss? Which measures make sense for me as a small company to ensure good IT security? We distinguish here between technical and non-technical measures that increase IT security.
The primary aim of technical measures is to keep threats from reaching your data. Their protective effect depends strongly on the product and is never absolute. For this reason, non-technical measures are always needed as well, to further reduce the residual risk that the technical measures leave behind.
Firewall: Protect your network with a firewall. The firewall must not only be installed, but also configured correctly and kept up to date with regular security updates. It shields your network from the Internet and allows only the data traffic you want. Some modern firewalls are equipped with artificial intelligence and automatically detect when, for example, an infected PC tries to communicate with the Internet, and block that traffic.
Anti-Virus: If a virus reaches your PC despite a firewall, anti-virus software blocks its execution or can clean an already infected system. Windows comes with Defender, which provides basic anti-virus protection with a very good AV-TEST rating. Third-party products have a wider range of functions and increasingly use artificial intelligence to detect and defeat malware, including ransomware.
Web filter: A web filter blocks harmful websites and prevents your employees from reaching them via links in e-mails or advertising banners. Web filters are available as software for the PC, as a plugin for the browser or centrally integrated into the firewall.
Spam/virus filter for e-mail: This filter prevents malicious e-mails from reaching your inbox in the first place. Good e-mail providers already have such a filter built into their product by default, so you don’t have to worry about it.
Use strong passwords: Urge your employees to use strong passwords that are difficult to guess. Use at least 8 characters, mixing capital letters, lower case letters, numbers and special characters. Passwords must not contain words, dates of birth or anything similar. Use a different password for each login. With the password check of the Data Protection Officer of the Canton of Zurich you can test the security of your passwords without risk.
Block all access by former employees: Ensure that former employees no longer have access to your data. Block all of their personal accounts and change the passwords of central accounts. Remember social media and cloud software as well.
Authorization management: Define clearly which employees can access which data and make sure your policy is correctly enforced. This protects against malicious activity by employees and reduces unintentional damage, for example by ransomware.
Training: Sensitize your employees to the correct handling of your IT systems and to possible dangers. This includes the use of e-mail and web browsers, but also the release of sensitive information by telephone or to external persons on your business premises. The video below (German only) raises your and your employees' awareness of information security in just a few minutes.
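The rules under "Use strong passwords" above can be checked automatically when a password is set. The following is an added example, not part of the original page; the function name, the small word list and the date patterns are assumptions made for illustration, and the check runs locally without sending the password anywhere.

```python
import re

# Constructed mini list of words and well-known strings for this demo;
# in practice load a full dictionary.
COMMON_WORDS = {"password", "welcome", "summer", "winter", "zurich", "admin", "qwerty"}

# Map common character substitutions back to letters before the word check.
LEET = str.maketrans("013457@$!", "oleastasi")

DATE_PATTERNS = [
    re.compile(r"(19|20)\d{2}"),                               # year, e.g. 1987
    re.compile(r"\d{1,2}[./-]\d{1,2}[./-]\d{2,4}"),            # 24.12.1990
    re.compile(r"(0[1-9]|[12]\d|3[01])(0[1-9]|1[0-2])\d{2}"),  # DDMMYY
]

def check_password(password, used_elsewhere=()):
    """Return the list of violated rules; an empty list means all rules pass."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    classes = {
        "capital letter": any(c.isupper() for c in password),
        "lower case letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "special character": any(not c.isalnum() for c in password),
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]
    # Undo substitutions and drop non-letters so "P@ssw0rd" is seen as "password".
    letters = re.sub(r"[^a-z]", "", password.lower().translate(LEET))
    if any(word in letters for word in COMMON_WORDS):
        problems.append("contains a dictionary word")
    if any(p.search(password) for p in DATE_PATTERNS):
        problems.append("contains a date")
    if password in used_elsewhere:
        problems.append("reused for another login")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real account.
    for pw in ["abc", "P@ssw0rd!2024", "Xk#241290qZ", "gT7#vQ9!xLp2"]:
        print(f"{pw!r}: {check_password(pw) or 'passes'}")
```

A password that mixes all four character classes can still fail: the second sample satisfies the length and character rules but is rejected for the word and the year it contains.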
There’s never absolute security. But the measures mentioned help to reduce risks in the best possible way with little effort and cost. Attackers usually look for the easiest victims and so it already helps a lot to keep the protective measures above average. Every managing director should at least be familiar with IT security and suitable measures.