Is my information at risk? An interview with Marco Weis
14. Mär 2023
In a digital world, sensitive information requires special protection. Marco Weis is Information Security Officer at the BAUR Group and explains what information security is all about and what dangers lurk when using the internet.
Hey Marco, please introduce yourself.
Hey, my name is Marco Weis, I'm 28 years old and I currently live in Hochstadt am Main. After completing my training as an IT specialist at an automotive supplier, I worked in various IT areas there, including as an administrator.
Later, they were looking for someone for information security and as I was already familiar with many areas of the company, I was asked to look at this position. For this job, I got certified as an Information Security Manager at TÜV and from that moment on, I was the Information Security Officer at my previous employer. I then changed companies and took on the role of IT Security Manager until I became Information Security Officer there again. I have now been working as an Information Security Officer at the BAUR Group since November 2021. In addition to my very office-based job, I do weight training three times a week, take photos and listen to a lot of music.
You are responsible for information security. What does this term actually mean?
By definition, information security is "the maintenance of protection objectives in relation to information". That sounds rather abstract, but what exactly does it mean? We try to maintain the protection goals of confidentiality, availability and integrity for the information that we process (especially in a business context).
Information security therefore attempts to safeguard these three major protection goals.
Information that we process can take various forms. The classic form nowadays is the processing of information in the form of digital data - i.e. somewhere on a PC, on a storagesystem or in the network, data is used and moved to different storage locations. Information in paper form is no longer so common, but it still exists. The knowledge we carry in our heads is also very important. The know-how of our employees must therefore also be protected.
This wide range of information must of course be processed and this is usually done using assets. Assets can be PCs, smartphones, servers, etc. As these are used to process information, we must also take them into account and protect them.
Digitalization has made many things easier, but some things have also become much more complicated. The problem is that even for us, especially in our private lives, it is not clear what has actually increased in complexity.
Social Media
Social media and apps are designed to be extremely simple for us as users. should be as simple as possible for low entryhhurdle arise. But what in the background is unfortunately often very opaque. What is my data even used for? Does the provider pass on my data and if so, where to?
In addition, social media users are encouraged to share as much information as possible, e.g. by adding further information to their profile. However, the question is whether this information is really necessary. Users should be particularly careful here and think carefully about what data they want to disclose.
The problem is that many users underestimate the danger. Fraudsters use data for their activities, such as identity theft. They use names, addresses and even pictures of a person to create fake identities. In the worst case scenario, the police are then at the door because they were able to trace the person using a picture. Users should therefore pay attention to the choice of profile picture so that it does not provide a target for scams.
Large platforms in particular are repeatedly targeted by hackers. During these attacks, users' emails and passwords can be stolen. You should always be aware of this, especially when using large platforms.
Online stores
It's not just social media that you have to watch out for, but also online stores, because there are now a lot of fake stores. Nowadays, it is relatively easy for fraudsters to set up a fake store and advertise suspiciously low prices or particularly good conditions. In the most harmless case, the person making the purchase "only" reveals their own access data; in the worst case, they even send money, which is then gone.
Social Engineering bzw. Phishing
Social engineering, i.e. scams that aim to exploit the good nature of victims or intimidate them, e.g. by using an authority.
There are various forms of this:
Phishing per Mail
Phishing through calls or SMS
Spear- Phishing
So there is a whole range of dangers, challenges and issues that go hand in hand with increasing digitalization.
You can find out how Marco and his colleagues protect information in the BAUR Group and what you can do to keep your information secure in the next blog post!
0Noch keine Kommentare
Die mit einem Sternchen (*) gekennzeichneten Felder sind Pflichtfelder. Bitte fülle diese aus, um deine Kommentare erfolgreich abgeben zu können.
Hello and welcome to the BAUR Group JobsBlog! My name is Sabine and I regularly write blog posts for you as a working student in the HR Marketing team.
Have fun reading!