In der heutigen digitalen Welt sind Handwerksbetriebe zunehmend von Cyberbedrohungen betroffen. Die Sicherheit ihrer IT-Systeme und Daten ist von entscheidender Bedeutung, um Geschäftsprozesse reibungslos zu gewährleisten und Kundenvertrauen aufzubauen. Im sechsten und abschließenden Modul des DAISEC Qualifizierungsprogramms zum Digitalisierungsmanager informierte Dr. Oliver Wiese aus dem Expertenteam des DAISEC deshalb über die Bedrohungslage für KMU und Handwerk und leitete geeignete Strategien für die teilnehmenden Unternehmensvertreter*innen ab. Die Vorgehensweise von Cyberkriminellen bei den momentan stark in der öffentlichen Wahrnehmung stehenden Ransomware-Angriffe wurde detailliert an einem Fallbeispiel erörtert.
Some selected threat scenarios that also confront craft businesses are, for example:
- Phishing and malware attacks: Craft businesses are frequent targets of phishing emails and malicious software (malware). Employees should be trained to recognize suspicious emails and not click on fake links or attachments.
- Ransomware attacks: Ransomware attacks, in which data is encrypted and a ransom is demanded, can have devastating effects. Regular backups are essential and antivirus software can help.
- Insecure IoT devices: Many craft businesses use networked devices (IoT) that are susceptible to attacks. Regular checks and an overview of the IT used are necessary.
These additional modules can also contribute to operational IT security:
- Firewall and network segmentation: A firewall protects the network from unauthorized access. Segmentation separates sensitive systems from each other and thus minimizes potential damage.
- Inventory and regular updates: An overview of the software used and software updates are crucial for identifying and closing vulnerabilities.
- Access rights and password guidelines: Strong passwords and restricted access to sensitive data are essential. Administration rights are not necessary in everyday life and user accounts with administration rights should only be used if the additional rights are required.
Overall, trade businesses should take cyber security seriously and take proactive measures to protect their systems and data. When it comes to antivirus software, firewalls and other cybersecurity software, it is essential to pay attention to quality. These software products usually have far-reaching rights and vulnerabilities in them can be particularly fatal.
Dr. Oliver Wiese recommended the offers of the Cyber Security Transfer Office and short learning units (so-called learning nuggets) by the Mittelstand Digital Center Hanover.
Cyber insurance can be a useful addition to a company's strategy. Arguments for taking out cyber insurance can include financial protection, which covers significant costs in the event of a security incident. Another aspect is that cyber insurance also includes additional preventive measures and support in the event of a crisis. In the event of a cyber attack, the existence or, in case of doubt, even the reputation of the affected company may be at risk. In this case, experienced insurers and their networks can limit the damage through communication and provide support in negotiations and reporting to the authorities.
The participants contributed their experiences from different corporate contexts and discussed them under the moderation of the DAISEC expert. The discussions with the industry representatives showed that cyber insurance in SMEs can certainly be a solution for increasing awareness of the topic within the company.
In an overall evaluation of the course, the participants gave very positive feedback.
What were the other modules of this qualification program about? Read it here:
