To date, at least 30 % of all companies worldwide have had their cyber security put to the test by attempted cyber-attacks (Cisco). Whether an attack against your business will be successful depends on the security measures you adopt and on the level of training your employees receive.
Measures relevant to data protection and IT security include:
- Robust hardware and software architecture (security by design)
- Proven standards for data and data processing (i.e. according to GDPR)
- Placement of skilled employees at strategic points within the company enabling a fast response to security alerts
We provide support not only in data security but also in the field of internal communication and are an integral part of a company’s security structures. To ensure maximum possible protection, integrated solutions, precise processes and transparent communication have to act in harmony.
- In 2019 it turned out, that the credit card data of approximately half a million British Airways customers had been stolen (Independent.co.uk).
- At end of 2018 «Marriott» learned that hackers had had access to their internal systems since 2014. The data of approximately half a million customers were stolen (Forbes.com).
- In 2018, the security of app “My Fitness Pal”, owned by Under Armour, was breached with 150 million users affected (Reuters).
- In 2017, there was a data leak at Equifax compromising 147.9 million user data (Equifax).
In 2016, Kris Kormany carried out a market study on cyber security in Germany, Austria and Switzerland . The study clearly demonstrated the existence of substantial potential risks for data security in medium-sized and larger companies. In addition to external actors, the main cause of these, was the company’s own employees (insiders).
In 2017, Kris founded TECHWAY GmbH to provide you with an effective response to these challenges.
You will receive a comprehensive analysis of your company’s IT structure, data flow and user behavior: Based on that analysis we will recommend to you best practices to be implemented that are precisely tailored to your company. These include consulting, training and the integration of proven software solutions. Our aim is a practical balance between security, availability and integrity.
Since its founding in 2017, TECHWAY has developed and implemented solutions for over 5.000 users. Please call or write us if we can be of assistance to you too.
Legal Of Counsel
We analyze your processes according to a standardized procedure. We give you an unequivocal determination of whether your existing cyber security measures are efficient and effective enough. On that basis we then develop recommendations to improve your company’s cyber security, enabling you to actively take steps against risky activities and to keep track of critical areas .
We implement best practices within your company, that are tailored to your company’s IT infrastructure and the needs of your employees and clients, reducing administrative effort and costs while at the same time enhancing security.
There is no universal solution to cyber security. Each company evaluates the primary focus of their cyber security strategy individually:
ANALYSIS & ACTION PLAN
- Interview with security heads
- Requirements engineering
- Risk analysis
- Customized report including recommendations for appropriate action
- Dark Net analysis: footprint of your company to enable early intervention
- Data acquisition for subsequent cyber risk analysis
- Report on vulnerabilities including catalog of measures
- Vulnerability management
BUILDING AWARENESS AMONG EMPLOYEES
- Phishing campaigns for analysis and training purposes
- Implementation of measures to improve the acceptance of the cyber security strategy
- Presentation of relevant cases
- Education on the spot
The Dark Net is available for anyone who knows how to gain access to it. By applying leading solutions for the monitoring of information in cyberspace, suspicious behavior and business-critical data accessible in the Dark Net can be identified swiftly. For example, we can find out if sensitive information about your company is in circulation. Even an unauthorized collection of private information by employees might suggest malicious activity.
We analyze the Internet, the Deep Web and the Dark Net. This enables us to deliver immediately usable information on current threats to organizations across industries, giving you the time you need to protect your intranet against an external attack.
The faster your response, the smaller the damage.
DARK NET MONITORING
- Permanent monitoring of footprints and current threats on the Dark Net.
- Swift reporting/alerting if sensitive data appears on the Dark Net or attacks are imminent.
- Monitoring of credit card data, malware, mobile apps
SOCIAL MEDIA MONITORING
- Monitoring of users, groups and comments
- Instagram/Snapchat/Pinterest, Facebook/Twitter, LinkedIn/Xing
- Detection of unwarranted criticism or defamation
- Identification of brand abuse and copyright infringements
- Demonstration of technical solutions and possible legal proceedings to restore the status quo
BAD ACTOR DETECTION
- Collection of evidence
- Strategic approach for permanent protection
- Early detection of potential attacks against your company
Suspicious or unauthorized behavior can be prevented. Threats by insiders can occur when current or former employees, contractors or business partners abuse their access to the company’s network, system and data. This risk can be minimized effectively by classifying each individual actor based on completely anonymized risk scores.
Complete documentation, on the basis of protocols and screen recordings, allows a legally compliant and efficient approach. By involving all the relevant bodies in a company, we ensure fluent functioning of the process.. Proven processes and best practices increase security without slowing down projects.
Automated audits raise the security awareness and personal responsibility of the employees.
Our monitoring processes comply with the relevant laws and meet the highest requirements on data protection. They definitively show who was in touch with critical data at what time.
- Preparation for audits
- Adjustment of structures to PCI-DSS, EU-GDPR, ISO 27001 etc.
- Employee training on the job
- Virtualized system with low resource requirements
- Readiness for operation within a few days
- Recordings admissible in legal proceedings
- In case of risky operations, the system reacts automatically
- Collection of all relevant data and information intended for use by the security head
- Proactive approach against data theft: if predetermined activities take place, user accounts can be logged out or programs and closed, and an automatic alarm is triggered.
DATABASES FOR MACHINE LEARNING
- Collection and evaluation of previous incidents for the identification of particularly vulnerable areas.
- Establishment of a security database including behavior analyses, actively protecting against avoidable attacks
- Early identification of suspicious behavior as a result