EN 
DE 2022 was one of the years in which there was an increase in attacks on critical infrastructure as part of hybrid warfare, as well as attacks on companies by criminal hacker groups. The damage caused by these attacks totals millions of euros worldwide every year. The interface between man and machine via so-called phishing attacks (social engineering) poses a particular threat to companies' data security and data protection.
Since the beginning of digital data storage, Mull und Partner Ingenieurgesellschaften have continuously improved data security through technical (e.g. redundant data storage, storage of data on raid systems, distributed backups, firewalls, VPN access) and organisational measures (e.g. access authorisations, group memberships). Even before the introduction of the EU GDPR, personal data protection was consistently implemented, even for analogue data storage.
Due to reorganisations within the MuP Group, three data protection officers have now been appointed for personal data protection. In regular online meetings, the data protection officers discuss current issues and developments in data protection and data security with each other and with the MuP Group's Executive Board. In addition, the data protection officers are available to employees as contacts for questions relating to data protection.
To simplify the reporting of possible data protection breaches, a Group-wide reporting system has been set up for employees, which can be used to collate the information required for a data protection impact assessment. In the event of a report, not only the data protection officers but also the administrators of the group are informed of the possible incident so that protective measures (e.g. blocking mails, blocking systems, preventing programmes from being executed) can be initiated immediately. The data protection impact assessment is used to determine the extent to which the data protection incident must be reported to the responsible supervisory authority.
The data protection officers are already informing employees about possible dangers when using mailing and the Internet. So-called penetration tests are being planned to recognise vulnerabilities and further increase employee awareness. Well-informed and well-trained employees are particularly important for the cyber resilience of the MuP Group.
