Report • 13.10.2014
Industry must take on more responsibility for IT security
On the occasion of this year’s it-sa, eco – Association of the German Internet Industry e. V. (Hall 12/Booth 333) has introduced a 5-point plan on how companies can take the initiative with regard to IT security and data protection.
Not only since the discovery of the systematic espionage actions of foreign secret service agencies has German industry been sensitive to matters of IT security and data protection. However, in order to protect themselves more effectively against industrial espionage, companies need to take the initiative more, according to Oliver Dehning, Leader of the eco Competence Group Security.
For this, eco – Association of the German Internet Industry e. V. has created a 5-point plan, which is presented in conjunction with this year’s it-sa (Hall 12/Booth 333) from 7 to 9 October. The focus should be on individual companies’ own responsibility for ensuring the greatest possible level of security. In addition to this, data protection is also an important topic at the association and industry level, where companies with similar business models can establish common standards.
Careful handling of sensitive company data
According to Dehning, the best protection against data theft and abuse is still the careful and attentive handling of sensitive company data. “In general, IT security should be taken seriously,” says the Leader of the eco Competence Group Security. “Most damage occurs as a result of negligence, which is reflected in, for example, open accounts, passwords which are easy to guess, are left lying around, or have not been changed in years, not activating encryption, or the storing of important data in unprotected Cloud services.” Which data even needs to be stored in the Internet should be considered in advance. Staff should be sensitized to the issue through clarification, transparency, and strict compliance regulations for data protection.
Strengthen awareness for IT security
Further, according to Dehning, it is important to take IT security into account in the original purchase decision or the procuring of IT solutions. Companies should ask themselves critically which measures are necessary for them and which solutions are available for these. And with this in mind, the IT security mechanisms already existing in the firm should also be used – which is in many companies not yet the case. For the development of new products and services, the IT security requirements should be taken into account from the very beginning. Last but not least, collaboration on IT security and data protection at the sector or association level can be sensible for many companies, in order to benefit from the exchange of experience and possible synergy effects and to develop common standardization.
5-point plan for an increase in IT security:
- Careful and attentive handling of sensitive company data; staff sensitized through clarification, transparency and strict compliance regulations
- Take IT security into account from time of procurement
- Make use of existing IT security mechanisms
- Take IT security into account in the development of new products and services
- Collaboration at the sector or association level for synergy effects, exchange of experience and standardization
Source: eco – Association of the German Internet Industry e. V.