Five measures to help protect yourself against cyber-risks
Companies and individuals fall victim to cybercriminals time and time again. Criminals use a range of cyber-attacks to take advantage of people's trusting nature, willingness to help, or insecurities, with the aim of accessing confidential data or forcing their victims to take specific actions. Swiss SMEs are also targets of various types of attack, with major consequences. Here, we will show you five measures you can take to protect yourself against the risks surrounding cyber-attacks.
Determine what data, processes, and systems are valuable to your company. You should also ensure that your concept contains a defined data classification for sensitive data. In particular, sensitive data includes client and employee data, authentication data (e.g. user IDs and passwords for Online Banking, devices required for authentication), intellectual property, trade secrets, business-critical processes, and the entire IT infrastructure.
Once identification has taken place, the next concrete step is to protect the relevant data, processes, and systems within your company in accordance with the classification. In this regard, various protective measures need to be identified and implemented.
You should install anti-virus software, perform system updates, and hold training courses and information events to make your employees aware of this topic. You should also create an access concept in order to prevent unauthorized access and to detect and pre-empt employee misconduct (e.g. principle of dual control or joint signatory authority).
To help protect yourself against direct attacks, measures such as system updates, firewalls and two-factor authentication are recommended. Physical documents must be protected against unauthorized access (e.g. SecureSign activation letter, password letter) and may not be passed on to third parties.
It is not only automated monitoring systems that can detect cyber-attacks – vigilant employees can also spot them. People involved in the process should be given the opportunity to report irregularities, for example if the bank login looks different without prior notification, or if the Executive Board sends an email requesting that a payment be made as an exceptional case.
If unusual occurrences are detected, it is vital that employees are given the opportunity to report them immediately to the correct person (e.g. IT staff or an officer responsible for security). In order to ensure that the correct approach is taken, the process must be defined in advance and those involved must be given the relevant training.
If a cyber-attack has been detected, the next step is to react accordingly and to initiate the appropriate actions. For this step, it is important to have a communication or contingency plan in place. Doing so will allow you to ensure that the right people are informed and that damage is minimized, by isolating the affected systems and by calling in experts if necessary.
In cases of suspicious activity or incidents relating to CS Online Services, please contact the appropriate support team to identify the next steps to be taken and to minimize the risk of damage. In case of doubt, please also contact your client advisor or the support office.
So that you can continue your work for Credit Suisse in a risk-free manner, all intact systems must be restored in full. If possible, infected systems should not be used. Infected systems should be wiped, reinstalled, and restored using clean backup data. It is crucial that all backup data is stored separately from the network.
Software and smartphone apps must be installed from official download pages only (e.g. the App Store), and not from unknown sources.