Cyber security for companies

Cyber crime is a threat to Swiss companies – regardless of the industry or company size. Current advances in digitalisation and the war in Ukraine have made attackers more proficient. Small and medium-sized companies in particular play down the risk all too often: the fact is that at least one in three Swiss SMEs is already affected by cyber attacks. In some cases, cyber criminals bring complete supply chains to a standstill – causing millions of dollars in damage.

But your company is not helpless in the face of these attacks. Because you can significantly improve your cyber security, even with small measures:

1. Raise employees’ awareness of cyber security

• Employees are the biggest risk when it comes to cyber attacks. This is why it is important to make them aware. Everyone in your organisation must be fully informed about how cyber attacks are carried out, what measures are effective to prevent such attacks, and how to handle sensitive data, e-mail, and the Internet responsibly. Important: the topic of cyber security should also be discussed with new employees early on.

• Establish policies for your company in the handling of sensitive data, devices, and data media. In particular, ensure secure access to the corporate network from the home office.

• Appoint a person to be responsible for IT security. Employees, especially new team members, should get in touch with this contact person straight away in the event of any uncertainty.

2. Maintain an overview

• You may not be aware of how comprehensive your company’s IT infrastructure is: the badge system, production machines, a webshop or your printer are also part of this. It is extremely important that your company keeps track of all these devices and systems at all times, along with the specific maintenance requirements.

• Create an inventory of all computers and applications in your company. This enables you to quickly identify which devices and applications are out-of-date and update them if necessary.

• In order to comply with data protection regulations, it is important to create a list of all data collection.

• Review the user rights of the company networks annually. In this way, you can prevent former employees, for example, from becoming a weak point in your cyber security network.

3. Take specific action

• Regularly update operating systems and software. Hackers exploit vulnerabilities in the software to penetrate computer systems. This is why it is important for your company to keep its operating system, browser, and other software up to date.

• Use antivirus programs and firewalls. Antivirus programs help you detect and block malware. Firewalls protect your networks from unauthorised access.

• Use strong passwords. Passwords should be at least twelve characters long and contain upper and lower case letters, numbers and special characters. Password manager may be able to help you and your team.

• Back up data regularly. This allows you to recover data in the event of a cyber attack. It is a good idea to back up your most important data daily. Ensure that the latest backup does not overwrite the previous one, in order to preserve historical data. Also, remember to disconnect the backup from the network so that it does not fall victim to potential viruses. And finally: by testing regularly, you can ensure that the data backup is working.

• Cyber insurance provides financial protection in the event of a cyber attack. For example, it may cover the costs of rebuilding the IT infrastructure, paying ransom demands or handling claims for damages.

Your business is sure to significantly improve its cyber security with these tips. Nevertheless, as a final step, it is advisable to introduce targeted emergency measures in order to be able to react quickly in the event of an attack. The selected measures should also be checked regularly with experts to ensure that they are relevant and effective.

With an integrated approach such as this, your business can successfully minimise the risks of cyber crime and protect its presence in the digital arena.