Get ready for the NIS2 Directive with an end-to-end encrypted platform
Who’s Next: What you need to know about NIS2
12 September 2024
3pm
Zoom
EN
Still have questions about NIS2? Our security experts will explore the ins and outs of NIS2, providing practical implementation tips.
NIS2 is the order of the day - prepare for it
Recommendations in cybersecurity are no longer enough – actions are needed. This is where the European Cybersecurity Directive NIS2 will make a difference. Businesses must take concrete steps by October 2024. Otherwise, they risk costly ramifications and even serious sanctions for senior executives.
Connected digital processes, rampant cyber attacks, and a growing hybrid workforce – are just a few symptoms of our highly tech-reliant business world. The impact of security breaches on critical infrastructures can extend beyond business losses, putting the economy and society at risk.
2025
by January, entities must submit first reports about their NIS2 measures to the national authorities.
2024
by October, Member States have to transpose NIS2 into their national laws.
Effectively stand up to the rigor of NIS2
- The NIS2 (Network and Information Systems) Directive marks the European Union’s aim to strengthen the cyber resilience of a highly digital and risk-exposed economy and society. Compared to its predecessor NIS1, the new direcive introduces stricter cyber security measures for a broader number of sectors, deemed as critical for businesses’ and citizens’ everyday life.
- The directive applies to a range of entities operating in 11 essential and 7 important sectors. Company size and turnover are the rule of thumb for deciding which company falls under the directive.Both entity groups must fulfill the same requirements. However, essential entities considered critical for the society’s functioning, will be proactively supervised. Whereas, important entities will undergo scrutiny only after a non-compliance is reported.
- Entities must take the following measures (Art 21) to protect their network, information systems, and physical environment from incidents:
- Risk analysis & information system security
- Incident handling
- Business continuity measures
- Supply chain security
- Security in system acquisition, development & maintenance
- Policies and procedure to assess the effectiveness of cybersecurity risk management measures
- Basic cyber hygiene practices and cybersecurity training
- Policies and procedures on the use of cryptography and encryption
- Human resources security, access control policies and asset management
- Use of multi-factor authentication, secured voice/video/text communication and secured emergency communication
- NIS2 defines stricter fines for non-compliance and personal accountability on senior management level:
- For essential entities: administrative fines of up to 10 million euros or 2% of the total annual global revenue in the previous fiscal year, whichever amount is higher.
- For important entities: administrative fines of up to €7 million or 1.4% of the total annual global turnover in the previous fiscal year, whichever is higher.
- NIS2 places a great emphasis on cloud security. The new directive has not just been extended to cloud providers, but also reinforces the reliance on secure cloud solutions by adding supply chain security as a new requirement.In addition, NIS2 mandates that security should be a priority whenever a new system is deployed, developed, or maintained. No wonder that cloud security is embedded manifold in the NIS2 lingo. Multi-purpose cloud platforms secured by state-of-the art cryptography can help you fulfill many of the NIS2 requirements.
- Both legislative frameworks have been established by the EU to enhance cybersecurity and operational resilience.While NIS2 applies to a broader industry spectrum, DORA (Digital Operational Resilience Act) focuses specifically on the financial sector. NIS2 is a directive, whereas DORA is a regulation. NIS2 sets a course with the obligation for the EU Member States to transpose it into their national law. DORA is a binding legislation for all Member States after its entry into effect in January 2025.
- Here are the key preparation steps that help you set up your organization for NIS2 compliance success:
- Understand the scope and requirements of NIS2
- Identify your organization’s gaps in the context of NIS2
- Establish a holistic cybersecurity framework to close the gaps
- Implement the legal, technical, and organizational measures
- Design regular audit practices to ensure the effectiveness of your NIS2 strategy
The NIS2 Directive, in a nutshell
Tresorit supports service providers on their NIS2 journey and beyond
Easily implement the NIS2 cybersecurity standards across your content workflows
Other NIS2 industry groups can also rely on Tresorit
Water Supllies
Digital infrastructure
Transport
Energy
Public sector
Space travel
Electronic communication
Waste water
Digital service providers
Producing of chemicals
Postal and courier companies
Waste management
Food
Digital services and data center
Research
Manufacturing
*Essential entities include the original NIS1 critical infrastructures, along with new sectors added under NIS2. As a new category introduced in NIS2, important entities cover a wider but less critical range of sectors. Company size and turnover play also a role when determining if your organization is impacted by NIS2.
One platform, multiple benefits
Automatic end-to-end encryption & zero-knowledge
that your employees, clients, and partners cannot bypass - bad actors will never be able to exploit.
One platform for secure storing, sharing & signing
that have been built for securing your entire document management lifecycle - without risky system switches.
Utmost security for external & internal file sharing
that helps you facilitate risk-free collaboration across your supply chain, client base, and entire organization.
A platform designed for compliance
that has proven to be the perfect choice for the strictest regulatory requirements - GDPR, HIPAA, TISAX, FINRA, including NIS2 & DORA.
Intuitive interface & integrations
that naturally adapt to your work style while supporting secure work habits - whenever you touch on a sensitive document.
Strong access & sharing controls at your fingertips
that empower you to regain control over your data flow, supervise who and when can access your content, and detect suspicious events in-time.
How can Tresorit help you meet the NIS2 requirements?
- NIS2 article 21, (2)h
Ensure automatic encryption for all your collaboration
Implement strong encryption in seconds. Enforce its use without hassles. Built-in encryption offers you the shortcut to genuine security habits. Tresorit’s zero-knowledge end-to-end encryption makes it impossible for unauthorized parties to access your internal and external communications.
- NIS2 article 21 (2)e
Encrypt the channels of your vulnerability disclosure
Prevent your vulnerability analysis from falling into the wrong hands. Tresorit ensures that detected security flaws will stay between you and your trusted partners.
- NIS2 article 21, (2)h
Fortify your supply chain’s security posture
Tresorit ensures risk-free collaboration across you supply chain. Ensure business secrecy, seamless information sharing, and integrated document signing via Tresorit’s secure data rooms. Use email encryption and hit the button with full peace of mind.
- NIS2 article 21,(2)i
Automate & enforce strong access control policies
Keep the information exchange inside and outside of your company in check, with granular security controls, watermarks, and audit logs. Enforce 2FA, supervise, and analyze how people interact with your content – from sharing to requesting files, from data room collaboration to signing.
- NIS2 article 21, (2)b
Bolster your incident handling processes
Act promptly whenever an incident occurs, without extending your attack surface. Set up a confidential data room immediately to speed up detection and recovery. With Tresorit, you can easily exchange sensitive information with competent personnel, authorities, and CIRTs.
- NIS2 article 21, (2)g
Effortlessly empower cyber hygiene practices
Instill secure work routines into your company’s culture with no hassles. A user-friendly tool with automatic encryption from sender to receiver and versatile security controls is the best way to go.
- NIS2 article 21, (2)c
Business continuity with a platform built for resilience
Deliver friction-free services even in the face of an attack. With backup files securely stored in our cloud, you can bounce back in no time. Your collaborative processes can smoothly flow with 24/7 access to your files from anywhere - no matter the severity of the incident.
- NIS2 article 21, (2)e
Ensure security in system acquisition, development & maintenance
Replace your disjointed ecosystem of apps with a single secure platform. Centralize your company’s sensitive content flow into a protected workspace, built in line with the Secure Software Development Lifecycle principles.
Who’s Next: What you need to know about NIS2
12 September 2024
3pm
Zoom
EN
Still have questions about NIS2? Our security experts will explore the ins and outs of NIS2, providing practical implementation tips.
Customer success stories
Compared to other services like Dropbox, Tresorit’s solution is much safer, compared to manual encryption, it’s less hassle, and compared to other online services, it offers a much better overall package.
Dr. Tobias Zimmermann, Research fellow, The Cardiovascular Research Institute Basel
The ability to manage access permissions at a granular level, granting only authorized individuals the ability to view, edit, or share confidential documents allows us to operate at highest security standards with uncompromised end-to-end encryption.
Henk-Jan Angerman, CVO at Secwatch
We need to have this extra layer of security when it comes to certain topics and handling personal data, we do it with Tresorit.
Raza Perez, Strategic Operations Lead at Trade Republic
Since the introduction of Tresorit, our confidential documents are only exchanged through Tresorit – and things have become secure, controlled and run smoother for all parties involved.
Felix Nolte, Solution Manager Workspace at Viessmann IT Service GmbH
Resources
Learn how to guarantee information security with end-to end encryption
