headermobilesicherheit

In focus

Poor risk assessment in IT innovation

Rapid IT development brings about new corporate risks that may have serious financial and legal consequences.

The use of smart phones and laptops, sales through online stores, progressive networking to optimize manufacturing processes, industrial espionage, disclosure of company information on social networks, etc. represent totally underestimated risks for which most companies are barely protected.
Fortunately, a number of protective measures can be taken to mitigate these risks.

 

@-yet advises and helps you implement these protective measures

Mobile security

Enable data access to all users from any network point

Companies rightly regard mobility as a key competitive factor. However, the use of smartphones, pads, notebooks, and its integration into the corporate networks poses serious risks. Indeed, most smartphones are unsecured and can be easily hacked.

Thus, confidential phone conversations as well as contract negotiations can be intercepted and e-mail and contact information easily read.
Furthermore, the use of Bluetooth and WLAN interfaces allows attacks, such as reading data from hard drives and address books, as well as hacking into corporate networks.

 


@-yet approach

  • Comprehensive consulting services, particularly in relation to business-critical data
  • Integration of mobile devices into the IT infrastructure, including planning for appropriate protective mechanisms such as access concepts, PKI and encryption.

@-yet results

  • Development of an individual strategy to ensure usage patterns are consistent with security and privacy requirements.

IT-website security

Website manipulation can have serious financial and legal consequences

Websites and online stores are very vulnerable and exposed to manipulation. For example, technologies such as SQL-injection and cross site scripting allow relatively easy access to websites and shops. This may result in prices manipulation and theft and misuse of customers' credit card information. In this case, however, liability rests on the website operator, who did not appropriately provide for security.

@-yet approach

  • Safety analyses
  • Code-Review
  • Technical website review through Pen-tests
  • Creation of website security policy
  • Contract and SLA analysis of providers regarding security
  • On-site security analysis

@-yet results

  • Procedure
  • Management-Summary
  • Detailed findings
  • Recommended measures.

IT-security in manufacturing

Stuxnet was only the beginning

The use of industry standards (Windows, Industrial Ethernet, etc.), the progressive networking to optimize manufacturing processes, and numerous Internet-based service and maintenance portals exposes the manufacturing area to numerous risks..

@-yet approach

  • Thorough analysis and evaluation of all manufacturing data and processes in terms of criticality to secure the manufacturing area
  • Determining the present level of security, for example by
  • technical / organizational analysis (no pen-tests)

@-yet results

  • Holistic strategy that ensures that all mission-critical control systems, automation solutions, and manufacturing processes are protected - also considering all cost / benefit implications - against illegal attacks and emergencies.

Economic espionage

Big Brother and the neighbours are watching you

In many countries, it is enshrined in legislation that the national security service is obliged to perform targeted espionage operations for the welfare of the people. These attacks are easy to perform and can have serious economic consequences. Specifically, serious studies evidence that companies may incur a total damage of up to 20 billion Euros by knowledge loss. Therefore, adequate protection of critical data is essential for corporate competitiveness and viability.. 

@-yet approach

  • Knowledge of new attack methods
  • Current level of information about efficient protection measures
  • Sensitization and awareness training

@-yet results

  • Holistic strategy that ensures that all mission-critical control systems, automation solutions, and manufacturing processes are protected - also considering all cost / benefit implications - against illegal attacks and emergencies.

Social networks

An underestimated risk

Many people place personal information on social networks and build a relationship of trust with strangers. Moreover, they frequently reveal business-related information, such as position, names of colleagues, working conditions or information about new projects and products. On the other hand, personal and professional matters are easily mixed. As a result, attackers obtain valuable company information suitable to inflict specific damage.


@-yet offers training to raise employee awareness of the dangers of social networking

Bring your own device

Dangerous trend

Bring your own device is the current trend. Devices owned by the employee will be used for corporate purposes and even replace the company's own computers, laptops, etc. However, the benefits arising thereof are barely visible.  Does anyone truly believe that users using company's software on their devices will feel more motivated than those on the corporate system? Regardless, this trend poses enormous risks. Indeed, the company loses track of the volume and nature of accesses to the corporate network, which becomes increasingly difficult to protect. We generally advise against such form of outsourcing.


@-yet audits equipment and offers risk-awareness trainin

 

end faq

© 2013 @-yet GmbH. All rights reserved.