Measures for cyber security

There are a variety of measures that you can implement to increase the cyber security of your system. The measures listed below should form the basis for further measures.

Basic measures

Employee training

Train and sensitize all employees in IT security matters to minimize human error.

Access controls

Restrict access to buildings, facilities and their IT infrastructure to prevent physical access by unauthorized persons.

Program update

Keep all programs up to date to close security gaps.

Password management

Use secure passwords and manage them correctly to prevent cyber attacks.

Data backup

Back up your data regularly to protect yourself from ransomware and other cyber threats.

Examples of detailed measures

Physical security

  • Access controls to the buildings and server rooms
  • Protection against unauthorized opening of housing
  • Protection against environmental influences (dust, moisture, heat)

Network security

  • Use of firewalls and intrusion detection systems
  • Segmentation of the network and isolation of critical systems
  • Secure configuration of network components

System hardening

  • Deactivation of unnecessary services and interfaces
  • Use of antivirus and anti-malware software
  • Regular updating of operating systems and applications

Access control

  • Strong authentication procedures
  • Minimal assignment of rights (principle of least privilege)
  • Logging and monitoring of access

Data and communication security

  • Encryption of sensitive data both at rest and in transit
  • Secure configuration of wireless networks
  • Protection against data leaks and loss

Patch management

  • Regular checks for security updates
  • Planned and traceable update processes
  • Management of software licenses and compliance

Backup and restore

  • Regular backups of important systems and data
  • Tested emergency recovery plans (disaster recovery)
  • "Offsite" storage of backup copies

Incident response

  • Prepared response plans for security incidents
  • Staff training in dealing with security incidents
  • Communication plans for internal and external stakeholders

Awareness and training

  • Regular security training for employees
  • Awareness campaigns for phishing and social engineering
  • Clear security policies and procedures

Compliance and audits

  • Review of and compliance with relevant industry standards and laws
  • Regular internal and external security audits
  • Documentation and reporting for proof of compliance

 

 


• Published/reviewed: 2025-06-27 • Revision 018 •