Is your website secure as defined by the BSI Act? Take the free check!
“We’ll do a system update for our CMS together with the next relaunch. Never change a running system!” is what many website operators may think. However, the Federal Office for Information Security takes a completely different view. Since March 2018, promptly updating your web application has been a legal requirement.
As a response to new critical vulnerabilities in all types of IT infrastructures, the German government has enacted the IT Security Act. The aim of the law is to make the infrastructure more secure and to protect users and their sensitive data. Website owners whose websites violate the legislation face potentially high penalties.
“We already did an update two years ago.”
New security updates are usually released every month for the most common software systems. However, this also means that website operators need to take action every month.
If you are not sure about the state of your website, get in touch with us. Gosign will scan your website and inform you of the risks free of charge.
Mandatory updates
Mandatory reporting
The law is intended to help prevent the loss of control over IT systems and infrastructures. Recent cyber attacks have not only shown how vulnerable websites are, but also how serious the consequences can be.
The German Cybersecurity Act requires operators of critical infrastructure to implement certain IT security standards and introduces mandatory reporting of serious IT security incidents. With news of credit card data loss, online fraud, identity theft and more, we can see that website owners fall into the legal category of “critical infrastructure operators”. One of the easiest and most effective ways to maximize website security and stability is to apply the latest security updates.
The protection of information technologies is now mandatory. Organizations must do their part to protect and secure their systems to the best of their ability.
“Acting – i.e. updating – is better (and cheaper) than reacting to a hack.”
Operating a website with outdated software is not only a question of “risk assessment”, but also a legal issue. If security updates are not installed, there is a risk of warnings and fines. The IT Security Act obliges website operators to take appropriate technical and organizational measures against unauthorized access of any kind. Imagine what the loss of business-critical information could mean for you. What would it cost you per hour or per day if your website went down? And the cost of repairing it as quickly as possible? Think not only about the cost of lost business, but also the loss of trust with your customers. You can keep your website up to date today and secure it for the long term. A simple and effective way to keep track of maintenance and security is to use the latest versions of supported and maintained software and install updates promptly.
TYPO3
TYPO3 as a CMS is a good choice for a number of reasons. It is actively maintained, has clearly defined update and support cycles and is supported by the developer community. The community supports each Long Term Support (LTS) version of the CMS for three years after release with security and bug fix releases. A paid Extended Long Term Support (ELTS) version is also possible.
Editorial system WordPress
WordPress can also be updated at any time, but it takes more effort to maintain, as the security maintenance of the extensions can be somewhat more complex, depending on the configuration.
Shop system Magento
As a store system, Magento usually also collects personal data. Fines can be higher here. In addition, the obligation to report security incidents often applies. The operator should also protect themselves here with a prompt update policy.
Security and stability
In addition, Gosign provides support for many other systems with additional services, such as security audits, so that you can get a clear picture of the status of your website. The focus here is on security and stability.