Safe Through the Summer: 6 Tips for SMEs from the eco Association

• Close vulnerabilities quickly: SMEs should not neglect cybersecurity during the holiday season
• Prevent loss of reputation and economic damage through blackmail Trojans now

Cyber criminals see an opening when staffing levels in a company are low because many employees are on holiday or working from home. The threat situation for SMEs in Germany is getting worse, say 74 percent of the security experts surveyed in the eco IT Security Study 2021. Cyber criminals know the common and current security vulnerabilities, for example on email servers, and specifically look for systems that have not yet closed them. Around one in five companies had one or more serious security incidents last year. In around 20 percent of these incidents, the cybercriminals used Trojan software to extort ransom money from companies to have encrypted files released again.*

“If applications and data are encrypted by extortion Trojans, so-called ransomware, and even customer data is stolen, then companies suffer a severe loss of reputation. In the worst case, the situation can threaten the existence of the company,” says Markus Schaffrin, IT security expert and Head of Member Services at eco – Association of the Internet Industry. “Companies need to have maximum security at all times and be able to react quickly if the worst comes to the worst. IT managers should regularly check the security of all IT systems, especially during the holiday period, and train and sensitise their colleagues.”

The eco Association offers six concrete tips:

1. Keep all systems up to date at all times. To do this, make an inventory of the software and systems in use: What is used where? Which systems are currently running and which have been decommissioned? Establish processes for regular updates and emergency patches and practise them with your staff.
2. Proactively collect information on possible vulnerabilities, such as from the BSI (German Federal Office for Information Security). Assess risks and classify them accordingly: Which services are most important for my company, what impact do vulnerabilities have on my business?
3. Plan your response to any crisis or emergency in advance. Almost one in three companies (31 percent) have not yet established a contingency plan to respond accordingly.* Do so as soon as possible and brief your employees accordingly to limit or avert damage to organisations, companies or individuals.
4. Regularly raise your staff’s awareness of the cyber dangers posed by, for example, phishing attacks. Regularly educate your staff and build up appropriate skills so that your colleagues react correctly in case of doubt. With regular training, you keep this security awareness and the awareness of cyber dangers high in the corporate culture.
5. Use strong passwords: Choose password lengths of at least eight characters, use upper and lower case letters as well as special characters and numbers. Passwords should not be written down, but only stored encrypted on the computer.
   Tip: Mnemonic rhymes and tricks can help in remembering cryptic passwords.
6. Make regular backups, they protect you and your company from data loss, for example in the event of ransomware incidents and hardware damage. Applications for computers, tablets and smartphones make backup possible for everyone in a short time – for example via cloud solutions or external device storage. Backing up the computer and mobile devices should become an indispensable ritual, like brushing your teeth every day.

*For the eco IT Security Study 2021, eco – Association of the Internet Industry surveyed around 175 security experts at the end of 2020. The study is available to eco Members here for download here.