Protection against cyber risks in the home office: still a lot of room for improvement

Swiss small businesses are demonstrating flexibility during the Corona crisis. Thanks to modern infrastructure, work can be done in a home office, provided that business activities permit this. Home office use has doubled since the beginning of the Corona crisis, so home office has established itself as a place to work. The downside: while a quarter of the companies surveyed were affected by cyberattacks in 2020, more than a third were in the second survey. This is shown by the latest study on digitalization and cybersecurity in SMEs, which was implemented by gfs-zürich on behalf of Mobiliar, digitalswitzerland, the Alliance Digital Security Switzerland, the University of Applied Sciences Northwestern Switzerland - Competence Center Digital Transformation and the Swiss Academy of Engineering Sciences. The study further reveals: The implementation of technical measures against cyberattacks is at a high level. However, there is a lot of potential in the implementation of organizational measures such as conducting security audits and employee training.

Social factors as the greatest challenge

Team cohesion, the atmosphere among employees or the threat of loneliness in the home office are mentioned most frequently when it comes to the greatest challenges for a company when converting to a home office. The second most frequently mentioned issue is the necessary technical solutions such as data and telephone access.

Online fraud figures double

The most frequently mentioned attacks were via malware, viruses or Trojans. The second most common form of attack is online fraud. This more than doubled from 6 % to 15 % compared to 2020. Technical measures alone do not help against this. Measures such as "regular software updates", "securing the WLAN network with passwords" and "using a firewall" are far above 80% in Swiss companies. So why are there still so many successful attacks?

Insufficient: Organizational measures to increase cybersecurity

The answer probably lies in this: according to the study results, fewer than half of the companies implement the organizational measures "implementation of a security concept", "regular employee training" and "conducting a security audit".

Andreas Hölzli, Head of Mobiliar's Cyber Risk Competence Center, explains: "Compared to last year's study, even more SMEs have fallen victim to a cyber attack. That is worrying. Organizational measures can noticeably complete the protection. For example, employee training is worth mentioning. Equally important: security audits - in other words, a cyber risk check of one's own company." And Prof. Dr. Marc K. Peter of the FHNW says: "SMEs are not taking advantage of many strategic potentials. The digital age and the prominent questions about home office and cyber security accelerate the need for strategy discussions and concrete measures."

Protection against cyber risks must be further expanded

Nicole Wettstein, Program Manager Cybersecurity at SATW: "It is important to further expand the information and education activities for SMEs in the cybersecurity area. According to the survey, threat awareness is high, but the feeling of being affected is not to the same extent. Many SMEs still assume they are not an attractive target for cyberattacks - there is still a need for action here."

Andreas W. Kaelin, Deputy Managing Director and Head of the Cybersecurity Dossier at digitalswitzerland, provides the following information on the direction this should take: "Last year's survey showed that a third of small companies are getting support from external IT service providers. We took this as an opportunity to develop and pilot the CyberSeal "certified IT service provider". The CyberSeal recognizes IT service providers who guarantee their customers an appropriate level of protection with the necessary technical and organizational measures. In this way, the seal of approval increases the digital security of SMEs and anchors digitization at a higher level of quality." Further information on CyberSeal is available here: www.digitalsecurityswitzerland.ch.