The demands on cyber security are increasing. The loss or theft of end devices, hacker attacks or viruses that enter a company's systems via e-mail or visits to insecure websites can have expensive consequences. It is important to actively minimise these risks.
The basis is an IT security strategy. Technical, cloud-based security solutions from competent partners play an important role here for craft enterprises that want to protect themselves effectively.
However, it is also of high importance to inform employees about possible dangers and rules of conduct to be followed if there is even a suspicion that an "incident" may have occurred. Then you can react quickly and in a targeted manner. This is important to avert further damage, but also to protect the company and those responsible for the company from legal and economic consequences.
What to do if it happens?
In the following, we describe some rules that you and your employees should follow in the "worst case scenario":
Data espionage via virus or Trojan horse
You or a staff member suspect that a virus or Trojan has been activated, for example by clicking on a link or opening an e-mail attachment:
Disconnect the network connection by pulling the network cable, deactivating the WLAN connection and switching off Bluetooth. However, do not switch off the device itself. Consult a cyber security expert and inform the police if necessary. This is essential if you store or process third party personal data, such as names, addresses, banking information and order data.
Blackmail by means of ransomware
Someone is threatening to use ransomware to encrypt your data and make it inaccessible to you in order to extort money from you or your company: Don't go for it! If it has already happened, make a note of the file extensions of the encrypted files. Take a screenshot of the extortion message. Contact the police and get help from a cyber security expert.
Cripple website via DDoS attacks
An attacker is trying to overload your website or webshop with automated requests, making it inaccessible to your customers and prospects:
Contact your Internet service provider (ISP). Ask them to block the attacker. Ask an expert to investigate whether data was accessed without authorisation via possible vulnerabilities. Clarify with him whether you need to contact the police to comply with your obligations regarding data protection.
Prevention instead of damage limitation
Of course, it is best to prevent damage. Important procedures within the framework of your cyber security strategy should therefore include:
- Draw up a list of the data-networked areas of your company.
- Write down which (digital) processes are crucial for your daily business and how.
- Consider where there are actual and potential risks in terms of failure or disruption for each (digital) process in your company.
- Ask your IT partner where in your company they see threats to the impairment of (digital) business processes, for example through outdated devices, operating systems or software or app versions.
- Where possible, use professional, certified and DSGVO-compliant cloud services from renowned providers to reduce the complexity of your own IT systems.
- Separate your and your employees' private and business devices, software and apps at work and in the home office - whether smartphone, tablet, notebook or desktop PC.
- Set up password-protected access authorisations for all employees and devices.
- Access the expertise of a proven cyber security service provider to digitally secure your company and the business.
- Make sure that you are covered for all eventualities by a sufficiently dimensioned legal protection and cyber insurance.
The forum “A practical guide to digitisation for craftspeople" is the crucible of implementation-oriented digitalisation at FENSTERBAU FRONTALE and HOLZ-HANDWERK 2022 in Nuremberg. There, from 12.07.- 15.07.2022, you will find the right path to your own digitalisation for yourself and your company over four days. Information, inspiration and concrete knowledge on this and many other topics will be available live in the form of power interviews and in personal exchanges with digitisation experts and fellow craftsmen.
Get your ticket now: www.holz-handwerk.de/tickets
More information about the forum: https://www.holz-handwerk.de/en/events/2/forum-a-practical-guide-to-digitisation-for-craftspeople/768580