NIS2 makes management liable for IT security

IT departments in critical national infrastructure sectors are working hard on implementing the EU’s Network and Information Systems Directive 2, or NIS2 for short. The responsibility, however, lies with management – at least legally. Company executives are personally liable for ensuring that the organization meets the strict NIS2 information security requirements.

How executives can facilitate NIS2 implementation

The implementation of the measures, such as building a secure IT infrastructure, will of course continue to lie with the relevant departments. Management, however, should drive this process top-down in the following areas:

  • Security strategy: With a tailor-made strategy and sufficient resources, management can establish a culture of security that significantly facilitates NIS2 implementation. By collaborating closely with security and IT professionals, executives can promote NIS2 implementation in line with the legal requirements.
  • Culture and mentality: NIS2 should not be considered a necessary evil, but a measure that can contribute to the organization’s success: with the right strategy in place, a secure IT infrastructure prevents operational disruption by mitigating the risk of cyberattacks while boosting productivity.
  • Analysis and reporting: The starting point for a well-considered approach is a comprehensive analysis of potential vulnerabilities in the company’s IT infrastructure, simulating not only current but also possible future threats. Based on this, executives can develop a progressive security strategy.
  • Secure workflows: The next step is all about designing the technical infrastructure and processes for secure work, as well as a data breach response plan. This means making sure that ICT systems can be restored quickly after a disruption, without major operational interruptions.

Confidential data rooms as part of the security strategy

Confidential virtual data rooms like Tresorit can be a key enabler of a NIS2-compliant IT infrastructure. With Tresorit’s zero-knowledge end-to-end encryption, data in transit and at rest remains confidential – even if Tresorit itself were to fall victim to a cyberattack. Thanks to the simple integration with Google, Azure AD, and Microsoft, employees can use their familiar tools for easy and secure communication.

Access controls are a significant feature of secure solutions. Customizable access rights can hinder unauthorized parties from infiltrating the company network. At the same time, maximum transparency is guaranteed, because users can always track who has accessed sensitive information. This, in combination with access logs that record all file activity, ensures full control over sensitive company data.

Minimizing the “human factor” with training

Besides creating a secure digital work environment, executives play a vital role in shaping an information security culture that supports secure behaviors across the company.

Training is a crucial means of making employees aware of the risks of cyber attacks and the importance of secure work habits.

This means that in the long run, management will not only contribute to NIS2 compliance but will also secure an advantage over competitors: working securely prevents operational disruption and – with the right tools – can boost productivity.

Interested in learning more about NIS2? Visit our NIS2 compliance page.