Why is data security so important to SMEs? And what does a comprehensive information security concept involve? Job Wizards asked two of Konica Minolta’s experienced IT security experts.
'Information security is especially relevant to SMEs, because cyber attacks and hacking are on the rise'
Head of IT Security at Konica Minolta Business Solutions Deutschland GmbH
Manager Competence Center & Professional Services IT-Security, Konica Minolta Business Solutions Deutschland GmbH
Why is data security so important to SMEs?
Philipp Zeh: This subject is especially relevant to SMEs because cyber attacks are on the rise. Around 70 percent of German companies have been victims of cyber-attacks in the past two years. Large companies have now reached a relatively good level of security, but that makes SMEs even more attractive to hackers, because their level of protection is often much lower.
Florian Goldenstein: We should define exactly what we mean by data security. When we say data, do we mean information? Then we are talking about information security, which the law makes extremely important to SMEs. The EU’s GDPR and, since April 2019, the Business Secrets Act based on EU Regulation 2016/943 and so on, stipulate that businesses have to act.
What are the aims of information security?
Florian Goldenstein: Business data and systems always have to be fully available in undamaged form, exclusively to authorised users, at the time that they are needed.
Philipp Zeh: There are three protection objectives: confidentiality, integrity and availability of information. This is sometimes referred to as the CIA Triad.
Florian Goldenstein: The main aim of any business should be to achieve an appropriate protection level for all of its information.
Philipp Zeh: As an analogy, if I have €3.50 in a room, I don’t need an armoured door. But if I am highly specialised and I keep my patents there, then I definitely should have an armoured door.
What are the essentials of information security?
Florian Goldenstein: First you have to take detailed stock of all the information that needs protecting. Any business leader should ask themselves what kind of information do we have that could be interesting to others? Active and archived files, agreements, business plans, software and tools we use, communication services and services for operating air conditioning, power supply, lighting, printers, cameras – all that is included. The whole company, in other words, and sometimes even beyond the premises. Information in the Cloud also needs reliable protection.
What about data and information security in IoT devices?
Florian Goldenstein: Everyone should know how safely information is being transmitted in interactions between networked equipment and machines.
Philipp Zeh: You often hear: “Me, I’m a nobody. Who wants to know my information?” It is true that burglars are not interested in what you’re keeping in your IoT fridge. But they may well be interested in its location and that you have not opened it for days.
How long does it take to implement a security concept?
Philipp Zeh: Once you have determined the level of protection you need, your information needs to be classified. How do you estimate the damage that could be caused if you are attacked? Moderate or catastrophic?
Florian Goldenstein: Each concept is individually tailored to the customer. The need for protection and classification derives from the appropriate technical and organisational steps that an SME should take. This is similar to the TOMs from the EU GDPR.
This results in very different project situations and also the budget and the speed of projects can vary greatly. It is important that SMEs prepare themselves from the beginning. Experience has shown that a step-by-step implementation of the security concept is more helpful and safer than switching everything at once.
Philipp Zeh: This implementation could take around 25 days, spread over a period of months, depending on the size of company and the type of information, but sometimes it can take much more.
Florian Goldenstein: The cost of basic implementation varies from one company to another, so we cannot really say – the cost varies according to size of business, scope of information and necessary protection level. SMEs often have to spend extra on tools and internal employees as well.
How does Konica Minolta help businesses protect their information?
Florian Goldenstein: We help SMEs by providing a comprehensive IT security portfolio: from non-binding initial consultations, all the way to joint implementation of 360-degree protection concepts. We have developed a strategic analysis process based on almost 20 years of experience. We assess all of the areas relevant to everyday business: IT security and information security, printer device security and video security. We analyse security requirements and work with the SMEs to design a concept aimed at the maximum possible security.
Most big companies are already well prepared for #data #security. SMEs are catching up, making themselves completely secure. Two experienced Konica Minolta #IT #security experts provide advice #jobwizards https://km.social/3e8tp71
Data security: how SMEs protect company data