The IT Security Act
Sophos
The Bundestag has launched the IT Security Act. But what does it mean for you?
In future, around 2000 companies will be obliged to report hacker attacks and equip their networks according to minimum standards. Answers to the most important questions about the new law:
1 What is the IT Security Act about?
Companies are to protect themselves better against attacks from the network. To do so, they must meet certain minimum requirements and prove that their IT infrastructure is armed against cyber attacks. Companies have two years to meet the requirements.
The corporations are also obliged to send a report to the BSI as soon as criminal hackers attack the corporation. The incidents are transmitted anonymously. Only if systems are threatened with failure will the name of the corporation be mentioned. Those who do not comply with the new rules face a fine of up to 100,000 euros.
The new rules also oblige telecommunication providers to warn their customers if they detect the misuse of a website or an attack on a computer. This affects customers, for example, if a computer is harnessed for a bot network. For attack detection, telecom providers are allowed to record traffic data and store it for up to six months.
2 Who must comply with the new rules?
The law is primarily intended to protect important sectors of the economy from cyberattacks. This includes about 2000 companies, for example energy providers, hospitals and banks. The government justifies the regulations with the fact that successful attacks in these areas could have an impact on the community. The new regulations are intended to ensure that, for example, water supply, rail transport and telecommunications are not endangered.
Federal authorities must also comply with the law. However, this does not apply to the Bundestag, which is itself responsible for its own IT security. Yet the recent massive hacker attack on parliament shows that MPs' computers are also vulnerable. Four weeks after the discovery of a cyberattack on the Bundestag, IT experts have still not managed to banish the malware from the network.
3 Can the circle of affected companies be expanded?
A very clear YES! This is up to the federal states, which can bring other areas under the obligation through further resolutions. It can be assumed that the federal states will follow the recommendations of the industry associations and will de facto adopt IT security standards, which will then be binding for all companies. We therefore urgently advise our customers to deal with IT security issues today and to evaluate various solutions. We at EnBITCon advise you to take a closer look at the following products:
SafeGuard - protection for data at any location
- Enables productive work because sensitive data can be stored securely anywhere: on laptops, USB devices, in network drives and the cloud, with minimal impact on performance.
- Saves time because data protection policies are defined and managed from a central console.
- Manages all devices in the enterprise from a central location - including BitLocker or FileVault 2 encrypted hard drives and self-encrypting Opal drives.
- Leverages the latest processor technology to make encrypted systems work faster than ever before.
- Facilitates compliance with reports and policy enforcement.
- Manages keys, enabling authorised users to share data securely and easily.
Today's users access corporate data from many different devices to be productive. With our encryption solution, you can easily protect data on all the devices they use. You can rest assured that your data is safe everywhere - on personal devices, network drives and in the cloud. Windows 8, 8.1 and disk and file encryption on Macs are supported as standard.
Sophos SafeGuard Enterprise is the optimal solution for secure encryption and reliable protection of all your data - on computers, in networks and in the cloud.
Sophos Enduser Protection
Protect all users and devices in your organization from malware, spam, data loss and more with our end-user protection bundles. Sophos is the only vendor to offer you highly effective security for endpoints, mobile devices, email and internet access, as well as state-of-the-art encryption - with per-user licenses and the industry's best support.
Highlights
- Protects all users, anywhere, on any device
- Licensing per user, not per device
- Protects Windows, Mac and Linux against known and unknown malware and targeted threats
- Manages mobile devices with popular operating systems such as iOS, Android and Windows Phone
- Blocks spam, blocks malware and enforces data policies at the gateway and on Microsoft Exchange
- Enforces Internet policies at the gateway and endpoint
- Encrypts drives, mobile devices and emails easily and efficiently
- Backed by our global network of experts, SophosLabs, and industry-best support
Sophos Mobile Control
With Sophos Mobile Control, your employees can collaborate securely and productively, across the enterprise.
Sophos simplifies enterprise mobility management (EMM) for BYOD environments and maximises data security. Sophos Mobile Control (SMC) has an intuitive management console that lets you keep track of all apps, devices and data. SMC provides comprehensive security - from best-in-class malware protection to secure file sharing of sensitive corporate documents using encryption.
Highlights
- Centralised solution for all current mobile platforms
- Role-based WebConsole
- Over-the-air policy and app deployment
- Self-service portal
- Automatic control of device compliance
- Remote device location, lock and reset
- Distribution of corporate documents to user devices
- Secure collaboration via Secure Workspace
- Web filtering, antivirus and security control on Android devices
- Deployment as either local or SaaS version
Of course we also support you in evaluating. Contact us!