Just in time for the new year, the National Cybersecurity Center of Switzerland (NCSC) became the Federal Office for Cybersecurity (BACS) and acts as a competence center for this area for the Confederation. The Confederation is aware that cybersecurity plays an enormously important role in Switzerland's national and international foreign and security policy and must be guaranteed at all costs.
The main task of the newly established federal office is to implement the National Cyber Strategy (NCS) approved last year throughout Switzerland and to make Swiss cyberspace as secure as possible. As part of this objective, the BACS raises awareness and warns the public about general cyber threats and specific cyber attacks, among other things. The office also acts as a reporting office for cyber incidents, prepares analyses to assess, manage and defend against cyber incidents and to identify and eliminate weaknesses in data protection.
In this context, the Federal Office is currently also directly addressing small and medium-sized enterprises and pointing out weaknesses in their IT security. At the same time, it is also highlighting potential measures to close these security gaps.
Measures recommended for implementation
The BASC's current recommendations are primarily aimed at SMEs and offer them a checklist of points that should be considered in order to ensure IT security in companies. A distinction is made between organizational and technical measures. Below you will find a selection of the security topics addressed:
- Provide information on risks to the management
- Clarify risks as part of governance and continuity management
- Clearly define responsibilities
- Precisely define the responsibilities of companies and IT service providers
- Sensitize employees to the topic
- Stay continuously informed about the current threat situation
- Careful handling of sensitive data
- Consciously designing company information on the Internet
- Ensuring security from procurement to disposal of the IT infrastructure
- Enforce a clear, secure and consistent password policy
- Monitor access authorizations and limit them where necessary
- Carry out regular data backups
- Continuously adapt virus protection to cyber threats
- Use firewalls and keep them up-to-date
- Use password manager/2-factor authentication
- Perform security updates regularly
- Use secure content management systems (CMS)
- Constantly monitor log files and analyze them for sensitive data
- Segment the network to limit data traffic and control access to it (damage limitation in the event of cyber attacks)
- Filter potentially harmful emails before they land in the inbox
- Monitor macros (often used for cyber attacks to spread malware or viruses, etc.)
- Monitor and clearly regulate remote access
- Use secure cloud services
Not all SMEs have the possibility and the necessary resources to assess whether and where there are security deficiencies in their IT security and which measures are urgently needed to ensure data protection. The company-wide introduction of the various measures also often requires in-depth know-how. Here it is advisable to employ experts who can quickly and reliably localize deficiencies and also provide the company with professional support during technical implementation.
At Primetrack, we have the necessary experience and expertise to assess the status of your IT security, quickly identify necessary measures and implement them promptly. Our experienced IT security expert, Marius Dubach, analyzes your IT carefully and advises you competently, while our Primetrack team gets the measures up and running professionally.
Should you have any questions or would like advice, please do not hesitate to contact: