We are taking part in the European Cyber Security Month!

What is the ECSM? Basically this is an initiative supported by the European Commission and many other organizations like BSI to raise awareness for cyber security in the industry as well as for citizens. During the whole month of October many IT security experts contribute with presentations, special offerings and campaigns to highlight the importance of digital safety and speak about threats and trends in IT security.

We also decided to share our knowledge in the area of securing the human factor against cyber attacks and will inform about attacks on digital identities including consequences of a successful hack and give some ideas for prevention.

Ever wondered what social engineering is or how phishing works and what´s actually behind these buzzwords? How do attackers manipulate users and trick them into sharing their credentials, “open a (digital) door” to the company network or make them assist in a fraud? We will give a basic intro to that and are looking forward to your participation!

Time: 9th of October at 11 am (CET), duration: 45 minutes

Registration: https://doubleclue.com/en/registration-ecsm/

(Of course it´s completely free)


#ECSM #security #cyberattack

Key learning from BSI´s basic IT protection day

When you´re into topics like ISMS, organizational risk mgt. or certifications check the free publications and detailed information from BSI here: https://www.bsi.bund.de/DE/Themen/ITGrundschutz/itgrundschutz_node.html

Here´s some important take home messages:

Your technical infrastructure might be outstandingly secure, though there are millions of new attacks every day so that at least a few might come through. Prevent breaches from phishing or other less elaborated attacks with a solid employee awareness (e.g. how to recognize malicious mails) and create a vivid risk management (e.g. create internal phishing attack simulations).

On the other side, specificly targeted attacks are comparably rare but extremely dangerous. Before starting the actual hack, criminals collect many specific information on different channels such as social media (always be aware of your company´s and employees´ web presence!) and use manipulative communication and spoofing to convince specific colleagues to “open the door” for them.

Make sure you set up an effective control of rights, access and authentication so at least you could retain some control on the damage or prevent it at all.

Conclusion: No matter how elaborated your tech-sec setup is – it´s just as strong as the people working in it.