This is a very important area – but it is precisely here that people tend to cut corners. What needs to be done to be well prepared for an emergency and what should I do in an emergency?

To avoid throwing money away unnecessarily, this article addresses the question: How can IT security be improved effectively?

Expert IT personnel

Who do you call when there’s a fire? That’s right, the fire department. And when a high-rise building is on fire, a single firefighter is not enough. And certainly not someone who has to think about what to do first. Or who then says that you have to call the fire department.

Hackers are always coming up with new ideas. To stay one step ahead of them, or at least catch up with them quickly, your company must not lack expert staff.

However, you can’t just leave it at the status quo. Expert IT staff will only remain expert if you guarantee further training. Regular “training” is important and those who start early will be prepared sooner. A properly trained – or further trained – employee is worth his weight in gold. And fireproof. While companies rarely have their own firefighters in-house, most have their own IT department. But sometimes it can make sense to outsource them.

Train behavior in an IT emergency

112? 110? 911? What do I have to say? What information is important?

The number varies depending on the event and location. But “Who? How many? What? When? Where?” – these are always the questions in an emergency.

And in principle, they are also those for an IT security incident:

????????‍???? Who reports?

???? Which IT system is affected?

????????‍???? How did you work with the IT system? What did you observe?

⏰ When did the event occur?

???? Where is the affected IT system located? (building, room, workplace)

In an emergency, however, it can happen that you forget what you are doing because you are so nervous and excited. What can help?

3 things: Practice, practice and more practice.

Some take first aid courses every year. Some for the first and only time because of their driving license. And still others are voluntary first aiders in their company or private environment and therefore have regular training. In your opinion, who is better prepared for an emergency?

You can also prepare your employees for an IT emergency and make them safer through regular training. Monthly training videos are a good way to do this – low cost, high impact. IT security awareness training, on the other hand, should take place at least once a year. This way, there are always reminders and a refresher course.

Normally, you learn the questions to ask in an emergency at elementary school. In the same way, you should also “train” your employees as early as possible in the correct behavior in an emergency.

Anyone who would like a template of the “IT emergency card” or would like more information on training courses is welcome to contact us.

An IT security officer

Does your company have a fire safety officer?

Is it important at all? Because: has there ever been a fire? No? Then that’s money wasted. It could be used much more effectively. For example, in a better coffee machine or a small pay rise. Or at least a bonus!

Sounds stupid? It’s stupid too. After all, it’s called a fire prevention officer and not a fire incident officer. Their tasks are primarily about protection and prevention. So that there is no fire or a small fire does not develop into a major fire. In the event of danger, prevention is better than cure.

The same applies to the “IT security officer”. If nothing happens, is he worth his money? Well, if nothing happens, that answers the question, doesn’t it?

Proper and functioning monitoring allows you to keep an overview of the company network. Then you can react to potential sources of danger – sources of fire – at an early stage and in good time.

For example, if devices are integrated into the network somewhere without the knowledge of the IT department, you can find them with a network scanner and react accordingly. A In addition, vulnerabilities are detected more quickly and preventive action can be taken against them. Regardless of whether these are in the system, in the work processes or arise through the use of the user.

The “IT security officer” and his team recognize the danger and create measures against it. Of course, every employee is then responsible for implementing these measures.

Analysis and prevention in IT security

Have you ever wanted to break the glass and press the alarm button? Of course, nobody did it if there was no reason. But it would have been stupid if it had been needed but nothing had happened.

It’s better to have something and not need it than to need something but not have it.

And it is better to discover an IT security leak yourself than to have it pointed out to you by hackers demanding money.

How can the latter be prevented?

This would mean the following for the company:

  • Fire alarm: Run scans and see where there are technical weaknesses in the system.
    Or send out a phishing e-mail and see if and how many employees “fall for it”.
  • Inspections of the fire protection measures: Set up regular, documented patch management. Data analyses from the network can also be used to detect attempted attacks.

  • Pay attention to the “MHD” of the fire protection measures: Do not use outdated hardware or software (no maintenance possible, no safety possible).

  • Build fireproof: Setting up and keeping the firewall up to date

  • Define escape routes: functioning backup and recovery concept have

  • Smoke detectors and sprinkler systems: organize and conduct regular IT awareness training, intrusiondetection, intrusionprotection and SIEM systems use, Introduce a role-based authorization concept

Support for one of these areas?

It's not easy to think of everything. And being able to implement everything is even more difficult.

Do you want tips? More information? Get in touch with us. You can only benefit from our free initial consultation. Make an appointment directly!

[contact-form-7 id=”3200″ /]