Cyber attacks pose a significant challenge for SMEs. It is not only in the midst of the current international tensions that it is necessary to take the most critical protective measures. But numerous companies underestimate the risk and have no risk strategy.
The principle states that no one, even once privileged users, should be automatically trusted. Because even employees with high privileges can run wrong commands on the faulty critical system, it’s often not their fault because the scams using sophisticated phishing measures are becoming increasingly difficult to detect. It’s easy to fall for. In addition, there are also employees, even if many companies do not want to admit it, who want to take revenge on the company. These are often the most significant security risk.
Therefore, the following applies in principle: Users must always be securely identified (proof through solid authentication) and adhere to the house rules (specific rules for the respective “risk class” of the system to be protected).
Tip 5: Companies create such sets of rules in two steps. You start with the classification of the critical systems (e.g., risk class 0 for extremely high risk and maximum restriction of access to it). Only then do they create the regulations for the respective risk classes.
The secret of success: deal with the risk!
Since medium-sized and small companies are more susceptible to cyber attacks than large companies, and the consequences can be fatal for these companies, proactive investment in an IT risk management strategy is essential. The focus is on protecting privileged users and privileged access. If companies take suitable measures early, they significantly reduce the risk of their infrastructure being endangered. Hence the call: Start planning your strategy and use a sufficient budget for implementation. Such allocations are ultimately more minor than the damage caused by a successful attack. In the end, it pays off.
