Headlines about cyber attacks and data exfiltration are piling up: viruses, Trojans and other malware have long been part of everyday IT life. At the same time, the amount of data sent through routers is exploding due to digitization and working from home. It is no longer just operators of critical infrastructures such as banks or hospitals that are at risk. Cybercriminals are increasingly targeting small and medium-sized companies as well as large corporations. Whereas in the past it was often about industrial espionage or the theft of intellectual property, today it is more often about extorting a ransom from companies that want to protect their reputation.
Small and medium-sized enterprises (SMEs) in particular are easy victims, as they often lack the resources and financial means to expand their cybersecurity in a targeted way. Even worse, those responsible often lack security awareness. Data security should be as much a matter of course as fire protection for the data center or the company building.
Holistic cybersecurity combines prevention, detection and response
The IT infrastructure of many SMEs has mostly grown organically: it was constantly expanded and adapted as the company grew. A strategic, planned structure often does not exist. Critical questions about a well-developed IP strategy, the routes of the data traffic or security policies are often met only with a shrug. This is dangerous and gives cybercriminals welcome points of entry.
So what does it take to ensure that even small and medium-sized companies are adequately protected against data theft? Just as mouth and nose masks protect against infections in times of the pandemic, companies need a virtual “mask” for their IT, consisting of prevention of, defense against and response to cybercrime. It is important to block entry points in a targeted manner, track down attackers and repel intruders as quickly as possible, and that covers the entire IT infrastructure: from the network to the servers and services to the end devices.
Self-service or managed service: if you have the answer, you are on the right track
When it comes to their own IT, many companies still rely on internal solutions. But that is becoming increasingly difficult: the rapid development of technology makes it almost impossible for them to keep pace with it using internal resources. Therefore, when deciding on an internal or external security solution, the question of the existing expertise should come first. Because the fact is: Hackers constantly change their attack vectors and are highly qualified and well organized.
For SMEs, setting up and operating their own security system is usually too expensive and complex. In addition to expertise, there is often a lack of staff who can react immediately in the event of an alarm. But cybersecurity only works as 24/7 all-round protection. It is therefore advisable to use external service providers. The advantage: you have security specialists who deal exclusively with the constantly changing types of attacks, keep gathering experience and thus keep developing the systems in order to maintain protection. Because if you want long-term security, you have to have the right tools ready for every phase of an attack.
5 tips for a secure IP strategy
Regardless of which solution a company decides on, anyone who wants a secure IP strategy should close some gateways right from the start. The analysis of IP traffic plays a crucial role in the prevention of cyber attacks. The following tips can help bring more transparency and security to your own IP structure:
- Route your traffic transparently and comprehensibly
It is often amazing how many paths the traffic takes to reach its destination. Use an IP transit that chooses agreed routes through the Internet. This prevents packet loss and ensures the fastest possible exchange. The path of your data is thus regulated transparently and securely.
- Use a routing table and check it regularly
Routes set in advance can also be rerouted from outside. You should therefore use a routing table that shows you which routes your data is taking. This means that you will immediately notice if your data does not end up where it belongs. Important: you can only react quickly if you check the table regularly.
- Rely on the right IP protection measures
Protect your Internet access by using the right tools: DDoS defense, blackholing and firewalls are often only associated with low additional monthly costs. If you use an external provider, make sure that they offer you redundant, provider-independent Internet access – this improves your protection drastically.
- Differentiate between foreign and domestic locations
Data transfer abroad in particular requires the highest level of security. A carrier-independent provider who defines clear routes for your traffic can transport your data securely and transparently to different parts of the world.
- Ensure a secure connection in the home office too
The home office has been normal since the pandemic. But external access to corporate IT is by no means child’s play. Sensitive data is exchanged over public lines, so security should come first. Provide your employees with a virtual private network (VPN) so that they can use a protected network connection to exchange data. You can also offer user licenses and home office hardware (router, switch, etc.) so that you can keep control of your data.
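For the tip on checking the routing table regularly, the following added example (not part of the original article) compares a current routing-table snapshot against an approved baseline and reports added, removed or changed routes. Both snapshots are constructed samples in the format printed by `ip route show`; the addresses and function names are assumptions made for illustration.

```python
# Constructed baseline: the routes that were reviewed and approved.
BASELINE = """\
default via 192.0.2.1 dev eth0
10.20.0.0/16 via 192.0.2.254 dev eth0
198.51.100.0/24 dev eth1 proto kernel scope link src 198.51.100.10
"""

# Constructed current snapshot: one next hop changed, one route added.
CURRENT = """\
default via 192.0.2.1 dev eth0
10.20.0.0/16 via 192.0.2.77 dev eth0
198.51.100.0/24 dev eth1 proto kernel scope link src 198.51.100.10
203.0.113.0/24 via 192.0.2.77 dev eth0
"""


def field_after(fields, key, default):
    """Return the token following `key`, or `default` if key is absent."""
    return fields[fields.index(key) + 1] if key in fields[:-1] else default


def parse_routes(text):
    """Map each destination prefix to its (next hop, interface) pair."""
    routes = {}
    for line in text.splitlines():
        fields = line.split()
        if fields:
            routes[fields[0]] = (field_after(fields, "via", "direct"),
                                 field_after(fields, "dev", "?"))
    return routes


def diff_routes(baseline, current):
    """Return findings as (kind, prefix, baseline_value, current_value)."""
    findings = []
    for prefix in sorted(set(baseline) | set(current)):
        old, new = baseline.get(prefix), current.get(prefix)
        if old is None:
            findings.append(("added", prefix, None, new))
        elif new is None:
            findings.append(("removed", prefix, old, None))
        elif old != new:
            findings.append(("changed", prefix, old, new))
    return findings


if __name__ == "__main__":
    for finding in diff_routes(parse_routes(BASELINE), parse_routes(CURRENT)):
        print(finding)
```

Run on a schedule against a stored baseline, any non-empty result is the prompt to review why a route changed.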
Detect and ward off attacks at an early stage
Despite all caution, not all cyberattacks can be prevented. It is therefore important to recognize them as quickly as possible and to ward them off accordingly. A clearly structured infrastructure helps here too, because it lets you quickly see when large amounts of data are being moved to new or unknown destinations. However, active network monitoring is a prerequisite for this. It also sounds an alarm if the direction of a data stream changes.
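The two monitoring signals described above, sketched as an added example that is not part of the original article: large volumes sent to a destination outside the known baseline, and a data stream whose direction has flipped. The flow records are constructed, and the internal range, the baseline of known peers, the threshold and the rule that known peers are normally download-dominant are all assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")      # assumed internal address range
KNOWN_DESTINATIONS = {"203.0.113.10"}    # assumed baseline of usual peers
VOLUME_THRESHOLD = 500_000_000           # assumed alert threshold in bytes

# Constructed flow records: (source, destination, bytes transferred)
FLOWS = [
    ("10.1.1.5", "203.0.113.10", 40_000_000),
    ("203.0.113.10", "10.1.1.5", 900_000_000),   # usual download direction
    ("10.1.1.8", "198.51.100.77", 350_000_000),
    ("10.1.1.8", "198.51.100.77", 400_000_000),  # large upload, unknown peer
    ("10.1.1.9", "203.0.113.10", 700_000_000),
    ("203.0.113.10", "10.1.1.9", 20_000_000),    # direction flipped to upload
]


def is_internal(addr):
    return ip_address(addr) in INTERNAL


def summarize(flows):
    """Sum bytes sent out and received per (internal host, external peer)."""
    totals = defaultdict(lambda: {"out": 0, "in": 0})
    for src, dst, size in flows:
        if is_internal(src) and not is_internal(dst):
            totals[(src, dst)]["out"] += size
        elif is_internal(dst) and not is_internal(src):
            totals[(dst, src)]["in"] += size
    return totals


def alerts(flows):
    """Return (reason, host, peer, outbound_bytes) for each suspicious pair."""
    found = []
    for (host, peer), t in sorted(summarize(flows).items()):
        if peer not in KNOWN_DESTINATIONS and t["out"] >= VOLUME_THRESHOLD:
            found.append(("new-destination-volume", host, peer, t["out"]))
        elif peer in KNOWN_DESTINATIONS and t["out"] > t["in"]:
            # Assumption: known peers are normally download-dominant.
            found.append(("direction-change", host, peer, t["out"]))
    return found


if __name__ == "__main__":
    for alert in alerts(FLOWS):
        print(alert)
```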
Another important aspect, which is often forgotten due to the high effort involved, is the analysis of your own network for possible security gaps and loopholes. However, if controls based on this are implemented both on the host and in the network, the attack surface is considerably reduced.
Conclusion: Those who know the routes of their traffic and implement the right protective measures have already gained a lot. However, this requires security awareness and the acceptance that cybersecurity is a long-term project and, in the best case, should take place 24/7. If an attack does occur nonetheless, the right mechanisms help with rapid identification. This includes effective network monitoring and constant checking of the network for security gaps and loopholes.