Keeping your information secure! An interview with Marco Weis

A strong password has...

• at least 8 characters (the longer, the better)
• special characters
• upper and lower case letters
• digits

...in as random a sequence as possible so that it is as difficult as possible for hackers to trace.

It is recommended that you think of a sentence and use the first letters of this sentence. Some letters can also be replaced with numbers or special characters, e.g. an "E" becomes a "3".

This procedure is the usual recommendation and works very well.

Where possible, you should use two-factor authentication or multi-factor authentication. This involves requesting a code, for example, which you receive via a separate app, a call or by email and must enter when logging in. Such mechanisms offer an additional hurdle for attackers that is very difficult to overcome, even if the password is published somewhere.

What can you do to keep track of all those passwords without hiding them on a piece of paper under your keyboard? There are now helpful password managers, i.e. software that manages passwords.

Such password managers are recommended both professionally and privately.

Never write passwords on a post-it note or share them on the phone or by email! Here, too, social engineering is used time and again, with attackers pretending to be IT administrators and asking for the password. However, this is complete nonsense, because real admins or even our service desk at the BAUR Group would never ask for a personal password! Whenever someone asks for your password, please never give it out, because it belongs only to you and will never be shared!

It is advisable to create several email addresses that are used for different purposes. The classic solution is one or more legitimate email addresses and so-called "disposable email addresses". The latter can be used to test a service without running the risk of the legitimate e-mail account being accessed by third parties. In addition, please never use the same email address and password for different accounts, because as soon as one account is hacked, the attackers can also use this access data to log in to other platforms.

As already explained with phishing, attachments with malicious code are added to the email or the emails contain links that lead to pages that download malicious code to the smartphone or PC. You must always be extremely careful here, both privately and professionally. E-mails should therefore be read carefully by checking

1. What does the sender want from me?
2. Do I know the sender or is it a stranger?
3. Does the topic match my area of responsibility and does the request match the sender?
4. How is the spelling and grammar?
5. Is the personal form of address correct? Especially in companies such as ours in the BAUR Group, where we all address each other as "Du", it is particularly noticeable when colleagues suddenly address you as "Sie".

Some form of antivirus software should be installed on every end device. Some operating systems already contain security mechanisms that perform basic checks for viruses. However, it is better to install additional software that is updated regularly. The operating system on PCs, smartphones and other devices should also be checked regularly for updates, as these are often used to close vulnerabilities.

Especially in a private environment, you should use an external backup, e.g. in the form of an external hard disk or simply a USB stick. This way, the information is once again backed up separately from the end device, just in case something goes wrong.

When using social media, it is important to think carefully about what you want to reveal about yourself. It is also advisable to create a private profile so that you have more control over who you show what content to.

At home, you should make sure that you use a secure WLAN. This means using a password that is as strong as possible.