Quality Management System
A hacker attack shuts down your entire IT infrastructure - a nightmare for every company. But how can you prevent such attacks? We have compiled the most important rules for IT security at the workplace for you.
More and more industrial companies are affected by hacker attacks. An increasing number of DDoS attacks on hosters are being carried out to disrupt the availability of websites. According to the Reporting and Analysis Centre for Information Assurance MELANI, the failure of a company's website can mean a considerable loss of profit to a company (full article here). The attacks with Ransomware are even more serious. Often large parts of the infrastructure are shut down (current example). The Ransomware attacks the system and encrypts the files it contains or spreads them unintentionally. The hackers then demand a ransom to restore the lost data (more on this here).
In the future, anyone can be the target of such attacks. Here are the most important rules of conduct:
Check the links given in e-mails before clicking on them. Remain suspicious even if an e-mail supposedly originates from a known sender (colleague, supplier ...). If in doubt, check with the sender before opening attachments of e-mails that you find even slightly strange. Using Frama RMail is also helpful. An integrated function protects against such attacks by checking the structure of the e-mail with advanced algorithms. (Read more here).
Read an e-mail very carefully; often the authenticity and trustworthiness of the sender can already be seen from the wording. Particular care should be taken with filenames with two endings Don't open e-mail attachments with two extensions (e.g. picture.bmp.vbs).
This is what a secure password looks like: $EI8sam!
Be sure to use different passwords for different services. Even attaching a service-specific letter sequence to a good basic password helps and doesn't make it difficult to remember. For example "$EI8sam!AM" for one service and "$EI8sam!EB" for another. Also, change your passwords at regular intervals.
Never pass on your passwords to third parties. Only you are allowed to know your passwords.
Personal data and data that are confidential must be treated with care. Keep sensitive data safe from unauthorized access.
Be critical when using mobile data carriers (USB sticks, memory cards, mobile hard disks, etc.). Don't just connect them to your computer. Mobile data carriers can also contain malware that specifically searches for passwords, remotely control systems, disables protection software and spy on data to manipulate or destroy devices, accessories, documents and data carriers.
Therefore, don't connect a mobile data carrier of unknown origin to the computer. In addition, be careful when using mobile data media from business partners.
Don't send business emails from/to your private email account. Webmail access is often available for business e-mail usage outside the company.
When working in public places, always make sure that you don't pass on confidential information to unauthorized third parties. An unauthorized person could, for example, read confidential data over your shoulder on your laptop or eavesdrop on a telephone call. It is your discretion and responsibility to evaluate the situation and, if necessary, to find a better-protected place.
Irregularities on your computer can indicate a possible attack/virus attack. If you notice irregular behaviour or have even the slightest concerns about the security of the system, inform the administrators in your company immediately.