IT security for businesses | SwissSign
A data security specialist by Swiss Post


SwissSign • 11.01.2023

IT security for businesses

Hackers can attack anyone. That’s why it’s important to integrate IT security into your company strategy and your workday. But how?

Digital crime: facts and figures 

News services are constantly reporting that the "abstract threat in cyberspace" is higher today than in the past. "Abstract" means that although companies may be attacked or threatened, there is no concrete indication of an imminent attack. However, given that criminal activity on the internet is far more prevalent today than in the past, no one can afford to relax. Any company, without exception and anywhere in the world, can find itself the victim of an attack. This could be pure sabotage, a politically motivated attack, espionage or extortion.

A total of 30,351 digital offences were reported to the Swiss Federal Statistical Office (FSO) in 2021, with most of these being white-collar cyber crimes. 

A few figures 

  • Extortion: 987 offences 

  • Unauthorised data retrieval: 713 offences 

  • Data corruption: 686 offences 

  • Unauthorised access to a data processing system: 551 offences 

The FSO notes that these figures must be interpreted with care, with the number of unknown crimes likely to be significantly higher. The main reason for this is that many offences are not reported. In addition, new digital crimes are constantly being invented and added to the list of offences. 

FSO: more information about digital crime 

Step 1: Analyse your IT vulnerabilities 

Many cyber attacks do not involve clever plans, but instead take aim at targets who are not taking IT security seriously enough. A company’s IT landscape is like a network of systems and people in which data flows back and forth and is stored. This network is only as strong as its weakest element. One single "leak" can be enough for an attack.

To strengthen the network, you first need to be familiar with its every detail. Every optimisation starts with an analysis of the systems, processes and agents in the network. It is key here to classify the data and its storage locations. This analysis should be performed regularly and must be strictly confidential, as it identifies vulnerabilities and could be used to penetrate the systems. 

After the analysis is complete, you should have an overview of risks and vulnerabilities and be ready to move forward based on this. 

Step 2: Integrate IT security into your corporate strategy

The vulnerabilities revealed in the analysis in step 1 need to be rectified. In addition, an emergency plan should be in place for every risk scenario.  

When implementing concrete security measures, it is important for IT security to be both practised as part of the company culture and considered important in the corporate strategy. Whether processing a sale or securing critical data, every employee should ask themselves whether their way of working or their behaviour could constitute a risk. Training, instructions for "best practices" and regular announcements about security issues can make an important contribution to company security. 

Article: The role of the "human factor" in IT security 

"Low hanging fruit": do your homework about IT security

Before digging into all the considerations under steps 1 and 2, do a bit of basic homework. The following elements are part of basic IT security for every company:  

  1. Encrypt your websites with SSL certificates and secure your email correspondence with S/MIME certificates to allow encrypted data transmission. SwissSign is a Swiss CA and offers "Swiss made" certificates. 
    To the SwissSign certificate webshop

  2. Make backups of all critical data. Besides hacking attacks, there are other risks such as theft or the destruction of physical devices, for example through a fire in the building or water damage.

  3. Install all security updates immediately. This should not be seen as an annoying obligation, but as a lucky break. You don’t have to do anything aside from installing the patches: the big manufacturers correct any security problems and keep your infrastructure up-to-date for you. 

  4. Replace "end of life" systems in good time. These become sources of risk as soon as they are no longer supported. Sometimes even earlier – it becomes more and more difficult to correct new security gaps over time. 

  5. Be conservative about granting access rights and only grant them when absolutely necessary. The more people have access to a resource, the greater the risk. 

  6. Do not allow private devices to connect to company networks, as the security status of these devices and the unknown surfing behaviour of their users represent a risk. A reasonable alternative is to set up a guest WiFi connection, preferably encrypted and with a strong password. 

What you should do now

 

1. Rely on SwissSign certificates for your online security and email communication. With our Managed PKI (MPKI), you can manage certificates for your employees, customers, and partners independently and tailor them to your needs – saving costs compared to purchasing individual certificates.

Order MPKI now

2. Accelerate and secure your signature processes: With our electronic signature solutions, seamlessly integrate digital signing into your processes and systems, either via our interface or on-premise within your own infrastructure, ensuring maximum security and compliance – ideal for companies in highly regulated industries.

Order signature services now

3. Get advice on optimizing your PKI setup or finding the best signature solution for your business.

Request a consultation now

4. If you have learned something from our article, please feel free to share it with others in your organisation. You can also save the link for later or share it on LinkedIn.