IT security starts with the employee

More and more industrial companies are affected by hacker attacks. An increasing number of DDoS attacks on hosters are being carried out to disrupt the availability of websites. According to the Reporting and Analysis Centre for Information Assurance MELANI, the failure of a company's website can mean a considerable loss of profit to a company (full article here). The attacks with Ransomware are even more serious. Often large parts of the infrastructure are shut down (current example). The Ransomware attacks the system and encrypts the files it contains or spreads them unintentionally. The hackers then demand a ransom to restore the lost data (more on this here).

In the future, anyone can be the target of such attacks. Here are the most important rules of conduct:

Be critical and suspicious of e-mails

Check the links given in e-mails before clicking on them. Remain suspicious even if an e-mail supposedly originates from a known sender (colleague, supplier ...). If in doubt, check with the sender before opening attachments of e-mails that you find even slightly strange. Using Frama RMail is also helpful. An integrated function protects against such attacks by checking the structure of the e-mail with advanced algorithms. (Read more here).

Read an e-mail very carefully; often the authenticity and trustworthiness of the sender can already be seen from the wording. Particular care should be taken with filenames with two endings Don't open e-mail attachments with two extensions (e.g. picture.bmp.vbs).

Use strong passwords

This is what a secure password looks like: $EI8sam!

1. at least 8 characters
2. fantasy words, no names, birthdays, license plates
3. numbers, letters and special characters

Be sure to use different passwords for different services. Even attaching a service-specific letter sequence to a good basic password helps and doesn't make it difficult to remember. For example "$EI8sam!AM" for one service and "$EI8sam!EB" for another. Also, change your passwords at regular intervals.

Never give away your access data

Never pass on your passwords to third parties. Only you are allowed to know your passwords.

Be aware of sensitive data

Personal data and data that are confidential must be treated with care. Keep sensitive data safe from unauthorized access.

Caution when using mobile data carriers

Be critical when using mobile data carriers (USB sticks, memory cards, mobile hard disks, etc.). Don't just connect them to your computer. Mobile data carriers can also contain malware that specifically searches for passwords, remotely control systems, disables protection software and spy on data to manipulate or destroy devices, accessories, documents and data carriers.

Therefore, don't connect a mobile data carrier of unknown origin to the computer. In addition, be careful when using mobile data media from business partners.

Separation of business and private

Don't send business emails from/to your private email account. Webmail access is often available for business e-mail usage outside the company.

Caution in public spaces

When working in public places, always make sure that you don't pass on confidential information to unauthorized third parties. An unauthorized person could, for example, read confidential data over your shoulder on your laptop or eavesdrop on a telephone call. It is your discretion and responsibility to evaluate the situation and, if necessary, to find a better-protected place.

And in the worst case? Alert!

Irregularities on your computer can indicate a possible attack/virus attack. If you notice irregular behaviour or have even the slightest concerns about the security of the system, inform the administrators in your company immediately.