For years, the damages caused by cybercrime attacks have been increasing - and financially they run into the billions. Apart from that, it is not only the material damage that is a severe blow for every affected company, but also the organisational efforts that result are enormous. But you are not simply helpless against hackers - on the contrary. Find out here what you can do to protect your company effectively.

Types and prevalence of cybercrime

Statistics show what has long been observed from our own experiences and news reports in recent years and months: online attacks such as phishing attacks, spyware, etc. are increasing significantly. 86 percent of companies were affected by such attacks in 2020, according to the digital association Bitkom.

Of course, the primary reason for this is growing digitalisation, which naturally accelerates during the pandemic. In addition, hackers are also becoming more and more professional and find even the smallest security holes in the system.

Basically, a distinction is made between different types of Internet attacks:

• Ransomware
  The term stands for a type of malware that restricts or prevents access to data and systems. A ransom is then demanded for the release. Basically, all systems can be attacked by ransomware
• Web Skimming
  This refers to the process of stealing customer data, including credit card information, from online shops.
• Phishing
  Phishing is an email scam to obtain sensitive data. The name is a neologism made up of the words "password" and "fishing". Loosely translated, one can say that phishing is "fishing" for passwords.
• Spyware
  Spyware is software that sends a user's data to third parties without the user's knowledge or consent, or is used to offer products to the user via advertisements.

Ransomware attacks in particular have increased sharply: According to statistics from Statista (11.2021) 244 attacks have taken place since the beginning of the year - this is an increase of 25% compared to the previous year. Particularly affected are

1. Governments
2. Educational institutions
3. The service industry

followed by healthcare, technology, manufacturing, retail and finance.

What specifically can be done in the long term to prevent hacker attacks?

Digital protection against hacker attacks should not be limited to technologies alone. It is more important to rethink the entire corporate culture. Particular focus should be placed on the areas of payment technologies and consumer trust.

Tipp 1: E-Mail security

Many hackers use sender addresses that are very similar to those of their own company and thus almost identical. For this reason, you and of course all your employees should carefully check addresses from which you receive mails. Especially if you are requested to take action (logins, payments, etc.) in the mail.  Often the fake addresses differ only by minor spelling mistakes.

Tipp 2: Watch out for unknown links

Another point of attack for perpetrators are links in relevant mails, as these look like legitimate addresses, but in reality link to phishing sites. Tip: usually it is enough to move the mouse over the link to see the full address. If it contains cryptic numbers and character strings, you should definitely not open/click on it.

Tipp 3: Use a password manager

We recommend generating and managing passwords with a password manager. This way, you can have complex passwords created and, on top of that, you don't have to remember them yourself. A master password for the password manager (or your own fingerprint) is sufficient to use the autofill function.

Tipp 4: Multi-Faktor-Authentification

You should consider using multi-factor authentication (MFA) to better defend against hacker attacks. Microsoft offers a solution with its own Authenticator to use MFA without disrupting the workflow of employees.

Tipp 5: Take special precautions in the home office

The home office is the new work centre for many employees, not least because of the pandemic and from now on probably also in the long term. Unfortunately, the home office also harbours some risks, because most users do not have a specially set up firewall and user control in their home office. Often, work is done via a WLAN that is not adequately secured.

Automatic connections to unsecured WLAN networks should therefore be deactivated and data should only be transmitted in encrypted form. It is also worthwhile to familiarise employees with the use of a VPN / direct access. This brings us to the last point:

Tipp 6: Ensure that your employees are sensitised to the topic of "security".

Knowledge of the existing risks and protection options offer the best protection against attacks from the Internet. Therefore, users and especially new employees should be regularly informed about current attack methods and trained in how to deal with them.

Tipp 7: A valid SSL certificate should be present

SSL certificates enable the secure transmission of data between the web browser and a website. In this way, they are encrypted in such a way that third parties are denied access.

Regardless of which certificate a company chooses: SSL certificates are not valid indefinitely and must be renewed regularly after a set period of time.

Ad hoc tips for online shop operators - What you can do to secure your webshop:

• Strengthen access controls
  Online retailers should ensure that all potential vulnerabilities are protected. This includes implementing security measures, including two-factor authentication to protect a website and therefore customers. The same applies to the databases in which user information and payment transactions are stored on online shops. Authentication via different channels or devices can also increase security.

• Watch out for grammatical errors and spelling mistakes
  As with phishing, it is important to watch out for grammatical and spelling errors when interacting with users in online shops. Another risk is cyber criminals who copy your shop visually and in terms of content in order to harm you. Caution is advised here.

• Outsource critical processes
  Instead of permanently worrying about security and instead focusing on your core business again, you should outsource certain transactions to professionals. This includes, for example, the processing of financial transactions.

Of course, despite all precautionary measures, there is no security formula that can ward off and prevent attacks 100%.  However, it is important to question whether unknown processes, enquiries, mails, etc. could be the result of a hacker attack.