In Switzerland, cybercriminals also target SMEs because they are often less protected against attacks than large enterprises. A secure IT infrastructure is no longer sufficient to prevent the high costs of a cyberattack, ransom demands, and further damage. The employees must be involved and trained in data security to prevent attacks.
Cyberattacks are attacks on computer systems, networks or digital devices in which digital property is stolen, destroyed or used to extort ransom money. This can result in operational interruptions and massive additional expenses. Data shows that the finance department or the company’s IT department is most affected. Behind the attacks are individual hackers or criminal organizations with different intentions.
For companies, this means more than just working with professional IT service providers and investing in a secure IT infrastructure. There are several possible attacks in everyday working life: “Phishing emails” trick employees into opening attached files, disclosing personal information or changing payment details. Also, in so-called “social engineering”, hackers exploit human exposures to access data or systems. They often pose as trustworthy people to obtain sensitive information. We have long been familiar with emails in our private inboxes that say “million dollar donation from deceased aunt” or “your prize is waiting”, sometimes even personalized texts.
Another current scam towards companies is ransomware attacks, in which data is stolen, encrypted, and only rereleased after a ransom is paid.
Cybercriminals are constantly developing new strategies to outsmart systems and individuals and are continually adapting to security measures. Dealing with these risks requires constant adjustments and a holistic corporate management strategy, especially regarding the risk profile. In addition to implementing security measures such as firewalls, software updates and appropriate insurance, raising employee awareness through training and information letters is essential.
Addressing data security regularly, having explicit processes and regulated handling, such as spam emails, having a contact person if anything is unclear or employees have questions, and working with experts are necessary measures to protect your company. These steps can minimize the impact and, most importantly, the number of cyberattacks.