IT security is a shared responsibility

As leader of the IT security team, Verena Köhler has a great deal of responsibility and a clear mission: to protect the company and its customers from digital threats – today and in the future. We talk with her about dangers, responsibility and trust in a digital world.

Because trust and responsibility are our most important assets. Our customers, employees, suppliers and business associates rely on us to keep their data safe – and we do everything we can to justify this trust. IT security not only protects servers and passwords, but also safeguards the stability of our processes, the quality of our services, the delivery capacity of our online shop, the provision of digital offers such as our X-CODE Manager and, last but not least, our reputation. Particularly in an increasingly digital world, IT security is not just a nice-to-have, but an essential requirement.

For us, IT security is not a stand-alone project, but a central component of our corporate strategy, which is why I work very closely with our CFO Florian Wiedemeyer. I am responsible for technical IT security at HANSA‑FLEX. My tasks range from developing our IT security roadmap, via planning and implementing specific protective measures, to coordinating audits, training and emergency drills. When it comes to security, I am also the first point of contact for internal and external stakeholders, who include our IT department as well as the board of management, employees worldwide and our service providers.

The threat situation is extremely dynamic. Cyber-attacks are often professionally organised, and ransomware – the encryption of data – is one of the biggest risks for companies. But traditional phishing attacks via emails with faked sender addresses also continue to be an issue. Potentially, anyone in the company can be affected, which is why we are investing heavily in education, technical safeguards and early detection.

With our comprehensive mix of technical tools and organisational processes, we are well prepared. We use continuous network monitoring, have strong password policies and two-factor authentication, operate effective device protection, and only allow the use of specific hardware and software which we carefully evaluate in advance. In addition, we regularly have penetration tests carried out in which external IT security experts attempt to attack our networks. In all projects we also consistently take IT security into account right from the outset. 

Among other things, through our multilingual e-learning platform with short, easy-to-understand training modules. All employees worldwide are required to take part in these training courses, which are supplemented by ongoing phishing simulations. Anyone who clicks on a simulated phishing link is immediately shown an explanation of why it was in fact a phishing email. In addition, we offer special training for roles that are particularly critical to security, such as in accounting or IT. What is important to us: IT security has to be understandable and fit for everyday application – not just technically correct. In addition to raising awareness, it is important for us to support our colleagues with practical tools, such as the phishing report button in Outlook.

Every day holds something new – whether it's IT security reports from Germany's Federal Office for Information Security, meetings with the IT department and external service providers, or information events on IT security for a range of employees. I deal with specific security measures as well as strategic issues for the future. It’s a mix of technology, processes, communication and coordination.

The dynamism and diversity, the opportunity to shape the future, and assuming responsibility. I learn something new every day and I enjoy raising people's awareness of an important, often underestimated topic. For me, IT security also means making complex, technical content understandable for everyday purposes: in other words, building bridges between expertise and practical operations.

In the past, the main focus was on protecting local servers. Today, we are a company that operates worldwide and thinks globally. Whether it's cloud services, online shops, mobile devices or a global workplace strategy – requirements are growing all the time, and we have to be prepared for them. We are purposefully building standardised, globally uniform security architectures that will accompany us securely into the future.

AI is becoming increasingly important in the field of IT security. AI can help our IT staff by detecting attacks and anomalies in our networks faster, and reducing the number of false alarms. We are already using it in a variety of tools and are continuing to expand this area – while, of course, also taking compliance and data protection into account. 

IT security is not an issue that is limited to IT. IT security is always a shared responsibility that affects not only the entire company, but also our customers, business associates and suppliers. The same applies in both our business and private spheres: every contribution counts when it comes to making sure our digital data remains protected and we are optimally prepared for cyber-attacks. And that's why we at HANSA‑FLEX not only rely on technology, but first and foremost on communication, transparency and teamwork.