The Problem

The hardware that the Internet service provider originally provided (modem/router) is still being used in many smaller offices and company sites. These devices offer only very rudimentary configuration and reporting capabilities, however.

And yet, quite a few legal provisions and codes of conduct (compliance) apply to the data stored on a company network in Germany. Besides the HGB, KomTraG, the Federal Data Protection Act, EU data protection regulations, the Betriebsverfassungsgesetz (Works Council Constitution Act) and other regulations, industry-specific compliance requirements must also be met in many cases.

These regulations normally include:

  1. MDStV: The State Treaty on Media Services (Mediendienste-Staatsvertrag). The objective of this state treaty is to create uniform framework conditions in all states for the various usage possibilities of electronic information and communication services.
  2. MiFID: The Markets in Financial Instruments Directive is a European Union (EU) regulation on harmonizing the financial markets in the domestic European market. Its goal is to improve investor protection, increase competition and harmonize the European financial market.
  3. TDDSG: The Teledienstedatenschutzgesetz governs the protection of the data of those who use teleservices. Aspects affected by the TDDSG include the imprint on a page, the collection of server statistics and all types of processes, including contact forms, in which users provide personal data.
  4. IFRS: The International Financial Reporting Standards are international accounting standards for companies, published by the International Accounting Standards Board (IASB). They are intended to regulate the preparation of internationally comparable annual balances and financial statements independent of national legislation.
  5. TKG: The Telekommunikationsgesetz is a German federal law that regulates competition in the area of telecommunications and ensures that the services offered are maintained.
  6. SOX: The Sarbanes-Oxley Act of 2002 is a US federal law designed to improve the public capital market in the US following corporate balance-sheet scandals. The objective of the law is to restore confidence in the accuracy and reliability of the financial data that companies publish.
  7. KWG: Kreditwesengesetz. The regulations of the KWG pertain to institutes and groups of institutes; institutes in the sense of the KWG are credit institutes and financial services institutes. The KWG is referred to as "the law that governs the credit industry."
  8. PCI-DSS: The Payment Card Industry Data Security Standard is a set of rules on payment transactions that pertain to carrying out credit card transactions and is supported by all of the major credit card organizations.
  9. BaFin-Verordnungen (BaFin regulations): The Federal Financial Supervisory Authority (BaFin) brings together the supervision of banks and financial services providers, insurance undertakings and securities trading under one roof. It is an autonomous public-law institution and is subject to the legal and technical oversight of the Federal Ministry of Finance in Germany.
  10. FINRA: The Financial Industry Regulatory Authority is the approval authority in the USA that is mainly responsible for overseeing people who work in the securities industry. FINRA is a self-regulating organization and is thus not directly a government authority.
  11. Basel II / Basel III: Basel II is the sum of the equity capital requirements recommended by the Basel Committee on Banking Supervision, aimed at ensuring adequate equity capital among institutions and creating uniform competitive conditions with respect to awarding and trading credits. Basel III is the reform package of the Bank for International Settlements (BIS) on the existing Basel II bank regulation policy; it represents the reaction, as of 2013, to the weaknesses of the previous bank regulations that became evident after the global financial and economic crisis that started in 2007.
  12. HIPAA: The Health Insurance Portability and Accountability Act requires all organizations in the healthcare industry to obey strict rules on protecting the confidentiality and integrity of patient data.

Damage can occur very quickly: there are hundreds of thousands of viruses and trojans, and hardly a day goes by without new malware showing up on the Internet. Trojans can steal customer data, intercept e-mails and attachments, or gain access to accounting and payroll data.

The use of often privately owned notebooks, smartphones and tablets opens up further "back doors" into the company network, because the connections to these devices are either not encrypted at all or encrypted insufficiently.

Company owners and managing directors can be held personally accountable if IT security fails to meet the requirements referred to above and/or the flawless status of network security cannot be comprehensively proven for the time at which the damage occurred.