But what can companies do to increase their IT security?
In addition to the security-enhancing measures already mentioned, such as multi-factor authentication, there are many other approaches. For example, some companies tend to prohibit their employees from using private computers. This is also recommended by the Independent Center for Data Protection Schleswig-Holstein (ULD), which published a paper with recommendations for working from home in 2020. The focus lies on protecting personal data from unauthorized access at home, during transport, or during data transmission. The paper addresses technical and organizational security measures, such as encrypting the hard drives of mobile devices and external storage media, as well as the correct setup of workplaces.
Many employees feel protected at home and forget, for instance, that if a window is open, neighbors may be able to overhear a conversation with a customer or colleagues. If a data breach occurs, the employee must know whom to report it to.
The following section lists individual tips from ULD.
- Paper documents are best taken and stored in a lockable container.
- Choose a location where others cannot see the screen – even through a window. A privacy film for the monitor can help with this.
- Documents containing personal data should be kept locked, preferably in a locked room or container.
- If you need to process data on a private computer, be sure to store official data encrypted.
- Do not throw official paper documents into your private paper trash.
- Dial into the network of your company or authority via a secure connection (VPN). If necessary, access to sensitive areas must be excluded.
(Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein 2020)
Often, companies already have policies that regulate working off-site. If these do not exist, company owners and employees should agree on certain rules. But despite the guidelines, training is needed to educate employees and provide them with information so that they are more aware in everyday life and more confident in dealing with phishing emails and malware, for example.
The IT department is particularly in demand because technical tools and security precautions are necessary for protecting the infrastructure.
Possible precautions include antivirus programs, firewall settings, early updates of the software used, encryption when transferring data, backups, spam filters, monitoring, regular changes to passwords, restricting the rights of normal users, simulation games, and simulations of attacks (Deloitte 2020).
A potentially big threat for companies is not having a clear plan for emergencies. If an attack occurs and your first action is having to figure out how to deal with the situation, it is clearly too late. Prevention before reaction (Deloitte 2020).