How can companies and organizations create a more secure IT environment?

Published December 28, 2021

IT security

IT attacks occur daily against Swedish companies and organizations. When the attacks are successful, they can knock out important societal systems, an example being Kalix municipality. The entire Kalix municipality’s IT system was attacked in a ransomware attack in December 2021. In the worst case, the municipality will have to build a completely new IT system with all that entails.

The consequences are almost inconceivable, without various IT systems everything is stopped from lists of medicines in health and care, to schedules, to be able to grant building permits to pay salaries. In addition to being an attack on welfare, it exposes the need to be able to effectively protect oneself against cyber attacks.

IT security – a work that must be ongoing at all times

There is no single simple solution that can protect a company or an organization. Some important points are:

  • Staff, employees and consultants need to receive training and insight into how common it is with attacks. Here it is also important that everyone understands how big consequences it can have if an attack is successful.
  • There needs to be policies and guidelines that help everyone within the company or organization to work safely. At the same time, the attacks are so refined that there must be tools that help employees work safely.
  • Secure and limited access to various systems and applications. There is Single Sign-On where it is possible to combine being able to work efficiently, reduce the IT department’s work with password support and at the same time manage permissions quickly and smoothly.
  • Companies and organizations need to work on making regular backups. There need to be clear routines here. From how often backups are made to how they are safely picked up in an attack. In a large organization, a working group may be needed that works together to follow up the work.

It is important to be able to limit and control permissions

For employees who need to get into several different systems and applications, it is easier with systems such as Single Sign-On. Instead of having to remember, and thus write down many different login details and passwords, one application is enough.

By being able to quickly control and monitor different accesses, the IT environment can be more secure. It should be possible to quickly terminate permissions, reassign permissions and restrict access when needed.

For a security gap is to lose control of who has access to what. Especially in larger organizations when employees and substitutes leave or change positions. It is difficult to be able to work efficiently if each authorization in many systems has to be completed manually in different departments.

It is also possible to increase IT security in the networks by being able to monitor what is happening in real time. When attacks or suspected accesses are quickly identified, it is easier to stop or limit the damage. Here it is also possible to monitor which times are most sensitive to attacks.