Category: IT


Mail encryption

There is a general security risk on the Internet, as data transfer on the Internet is always unencrypted. To ensure that emails can only be received and read by authorized persons, there are various security mechanisms for encrypting emails. This also fulfills the requirements of the General Data Protection Regulation.

End-to-end encryption

End-to-end encryption guarantees a high level of security in data transfer. Before an email is sent, it is encrypted by the sender; it remains encrypted across all transmission stations and is decrypted only by the recipient. This form of mail encryption provides complete protection because no intermediate station can access the content. This ensures increased confidentiality, authenticity and integrity of the data.

Furthermore, emails are encrypted using digital signature procedures with two keys. Each user generates a private signature key (private key) and a public verification key (public key). Any user can encrypt mail with the recipient's public key, and only the owner of the matching private key can decrypt it again. The public key can therefore only encrypt the data, and only the private key can decrypt it. This type of encryption is called asymmetric encryption. Although it is slower than symmetric encryption, in which the sender and recipient have a shared key, it is more secure.

Mail encryption for servers

Encryption is an established standard for email servers. It is implemented using various encryption protocols. These include, for example, Transport Layer Security (TLS), which is also used by most web browsers, such as Firefox, and by web servers. Encrypted communication between a computer and a web server can be recognized by the Hypertext Transfer Protocol Secure (HTTPS) prefix or by a small lock in the browser bar. For communication between mail servers, different ports are assigned to unencrypted and encrypted exchange protocols. Port 25 is normally used with the Simple Mail Transfer Protocol (SMTP), i.e. unencrypted. Encrypted communication can, for example, take place via port 465 using the Simple Mail Transfer Protocol Secure (SMTPS).

The topic of email encryption is very important, as it is expressly recommended by the European General Data Protection Regulation (GDPR). The GDPR is fully included in the IT service of the Bremen-based company b.r.m. IT & Aerospace. If you have any questions about sending and encrypting emails, please contact us.


Microsoft Teams security vulnerability

The Microsoft Teams platform is used by many companies for video conferences or other chats. Confidential documents are often exchanged in the process. However, researchers have now discovered that there is a security vulnerability at Microsoft.


After installation, many companies leave Microsoft Teams in its default configuration and rely on Microsoft's security barriers. The default configuration allows authorized team members to communicate with other external users. As a result, there is a basic risk of phishing, a method by which hackers attempt to obtain confidential information from a team member or the company using a form, for example. However, staff are often trained for precisely these cases and recognize the danger due to the dubious or conspicuous links in emails. In addition, the security barrier warns of the attacks with messages and restrictions.

Where is the security gap?

A team of researchers from the British security company Jumpsec has found a way to circumvent the security barrier of the standard configuration of Teams. To do this, the IT experts changed the recipient ID in the POST request of the message from external parties. As a result, the external message with the malware is identified as a message from an authorized team member and is not recognized by the Teams security control. This makes the phishing attack more difficult for trained personnel to detect and leads to the introduction of malware, which in turn can endanger all team members of the company. Unauthorized persons are able to gain access to sensitive data through this security gap. This security gap poses a massive threat to compliance with the GDPR.

At the Bremen-based company b.r.m. IT & Aerospace, the GDPR is secured by a certified data center. Our technical and organizational measures (TOM) as well as security analyses and risk assessments improve the IT security of your company. The efficient consulting and support of our customers has helped b.r.m. to win several awards in the field of IT security and even the environment, as the b.r.m. data center is not only GDPR certified, but also Green IT certified. If you are interested, you are welcome to contact the Managing Director of b.r.m., Harald Rossol.


Cloud infrastructure

Cloud services are being used more and more frequently and intensively. It is important to know what a cloud is and how a cloud is structured.


How this infrastructure is structured

In short, the infrastructures create multiple external storage locations. A cloud infrastructure essentially consists of four different components. These include the hardware, virtualization, storage and the network.

Hardware comprises the physical elements of a cloud infrastructure. These include, for example, servers, routers, switches and much more. These can be in different locations.

Virtualization then connects the servers with each other. The software, which is located on the physical hardware, centralizes the computer's resources in so-called pools.

The data is then stored in storage rows on the numerous disks in a data center. Software is used to create a new backup and the outdated backup is removed. This ensures that data is retained in the event of a power failure, for example.

The last component of the cloud infrastructure is divided into physical and virtual networks. The physical part includes cables, switches and other devices. The virtual networks are built on the basis of the physical networks.

Cloud computing

The cloud infrastructure is the prerequisite for cloud computing. It provides IT resources via the internet. In addition, there are various models, which are explained in detail here. As this model can be described as an external location, the payload that was previously uploaded can be accessed by the user at any time.

Clouds are being used more and more frequently because they are very flexible and offer a large amount of storage space. However, cloud services are also a popular target for hacker attacks due to the amount of data they contain. Furthermore, the various cloud platforms are very questionable in terms of data protection. At b.r.m., our customers' data is optimally secured with the help of our GDPR and Green IT-certified data center. We also have a data protection officer who will be happy to answer any questions you may have.

Partner Huith IT

In the age of digitalization and a shortage of skilled workers, it is particularly difficult to find reliable IT partners. But with Huith IT, b.r.m. has a reliable and competent service partner at the ready.

Huith IT Service

Reliable partner

Tarek Huith has been self-employed with his company Huith IT since 2009. The trained IT systems electronics engineer works from the company headquarters in Weyhe and is always working on creative solutions for customer projects.

The entrepreneur is also a qualified premium reseller of ecoDMS. This company sells document management systems (DMS). It supplies software for the digitization, management and automation of documents.

Huith at b.r.m.

The Bremen-based IT service provider b.r.m. has been associated with Huith IT for a long time. Like most of our employees, Tarek Huith is a career changer. He works as an external employee and takes care of the technology on site at the customer's premises. From installation and commissioning to maintenance work, Tarek Huith works on behalf of b.r.m. and has already satisfied countless customers.

The entrepreneur can shine thanks to his many years of experience in the industry and his enormous expertise. B.r.m. greatly appreciates the work of the service technician and is proud to have found such a strong partner.

Tarek Huith will be happy to answer any questions you may have about him.


News from the IHK Examination Board

IHK Examination Board

The IHK examination board is always on the lookout for new members to ensure that we can continue to secure skilled workers in our region in the future. These members should have extensive specialist knowledge and pedagogical skills.

Previously on the IHK Examination Board

Harald Rossol has been working on the Bremen Chamber of Industry and Commerce examination board for two months now. He is deployed in the areas of IT and application development 407 and has already examined the first candidates together with his colleagues from the committee.

Harald Rossol is appointed to the examination board of the Bremen Chamber of Commerce for the period from 09.05.2022 to 31.08.2024.

Changes to the IHK Examination Board 

The examination board elects one member as Chairman and one member as Deputy Chairman. However, the two must belong to different groups of members. For the examination board to be quorate, at least two thirds of the members must participate. The majority of votes cast then elects the chairperson and deputy chairperson.

Harald Rossol was elected and is now Chairman of the IHK Examination Committee. He has become Chairman for the area of application development. His new position naturally also brings new tasks.

What does a chairperson do on the examination board?

The chairpersons lead the IHK Examination Committee, meaning they are responsible for the organization and workflow within the committee. They are also responsible for ensuring smooth cooperation.

Mr. Rossol's extensive specialist knowledge and many years of experience in the field of IT make him the perfect candidate to chair the examination board. This is also demonstrated by his award-winning IT service company b.r.m., which is a pioneer in IT security and green IT.


ICT Trends 2022

In the age of digitalization and automation, there are always new ICT trends in the world of work. At the end of the year, market researchers, consultants and other experts present their assessments of the trends.


What is an ICT trend?

An ICT trend describes a tendency in information and communication technology. This creates technical gaps, new opportunities, but also challenges. As every new or old trend has an impact on the world of work and must also react to current circumstances, changes can occur quickly.

For example, the coronavirus pandemic has led to a significant increase in hybrid working and digital meetings. This change calls for new business models and technologies, but these were very limited due to supply bottlenecks.

Working from home and virtual meetings have put a lot of strain on the IT industry during the lockdown. As a result, the issue of IT security and data protection was initially a disaster with far-reaching consequences.

The shortage of skilled workers has been one of the ICT trends for many years. As a result, many companies are striving to optimize their processes and automate their activities on a large scale.

According to experts, the use of cloud infrastructures and their services is set to increase further. These are particularly attractive for companies due to the savings and flexibility they offer. In addition, hybrid cloud strategies offer a promising solution. They are a combination of a service application (SaaS) and on-premise data centers. In this way, data protection and the security of exponentially increasing data growth can be guaranteed.

There is also a democratization of technology. Knowledge and skills are becoming more accessible thanks to high-tech platforms. Process automation and open-source AI applications encourage people to contribute their views and expertise and develop solutions. Democratization thus creates basic innovations throughout the organization that provide practical and cultural support.


Harald Rossol appointed to the IHK Examination Committee Bremen

The IHK Examination Board of the Bremen Chamber of Industry and Commerce sets the examinations in training and further education. But what exactly is it, what tasks do the examiners have and how do you become an examiner?

IHK Examination Board

The Chamber of Industry and Commerce for Bremen and Bremerhaven is responsible for the organization, supervision and assessment of final examinations in the training and further education of the Chamber of Industry and Commerce professions. This involves not only theoretical but also practical parts of the training, which must be completed both orally and in writing.

There are examination boards for the various training courses. The members of the IHK examination board are not members of the Chamber of Industry and Commerce. However, new members are sought not only as examiners, but also as additional experts or as replacements for examiners who are leaving.

Tasks of an examiner

The tasks of an examiner are carried out together with a team of vocational school teachers, employer and employee representatives. The tasks include creating, correcting and assessing examination tasks and papers. In addition, work samples, presentations and documentation are assessed.

How do you become an examiner on the IHK Examination Board?

In order to be considered for appointment to an examination board, a number of requirements must be met. Sufficient professional expertise and a pedagogical flair are fundamental for the examiner. A certain degree of judgment and a sense of responsibility should also be present. The examiner must not be older than 65 years of age, but should have a mature personality.

The owner and managing director of Bremen-based IT service provider b.r.m., Harald Rossol, has been appointed to the examination board by the Bremen Chamber of Commerce. With his excellent experience in this industry, Mr. Rossol will serve on the examination board for IT specialists for application development until August 2024.

Certificate of appointment IHK Examination Board: Harald Rossol


Review 2021: Uncertainty in IT security

Many companies and organizations had significant problems not only due to the coronavirus pandemic, but also in terms of IT security. 2021 was not a good year for IT security, as it revealed significant security gaps and cyber attacks on companies rose sharply. Our 2021 review:

Development of cybercrime

In 2021, there was a significant increase in cyberattacks on companies and organizations. This trend has increased significantly since 2020. According to a study by the website Check Point Research, the number of cyberattacks on organizations of all kinds increased by 40%.

The pandemic created enormous time pressure for IT service providers due to the need to make work more flexible. In addition, hacker attacks occurred much more frequently and became increasingly sophisticated. Hackers were often faster than the defenses against them. One massive problem in IT security was the so-called zero day.

Zero-day gap as a major threat

IT systems are constantly evolving and software is therefore usually quickly outdated. New patches bring the devices up to date and close old security gaps.

However, this so-called zero-day comprised four security flaws in Microsoft Exchange servers, which the developers had inadvertently introduced through faulty program code. This gave the hacker group Hafnium the opportunity to infiltrate and scan thousands of Exchange servers. However, as it has not yet been possible to clarify whether a backdoor was installed, the consequences for the future cannot yet be determined.

What can we learn from this?

You cannot prepare for a zero day, as they can occur anywhere and undetected. However, you can comply with data protection rules in accordance with the GDPR. There are two versions of this: privacy by design and privacy by default. The latter describes settings that are data protection-friendly by default. Privacy by design describes the data protection processes that are best complied with if they have already been technically integrated during development. A double locked door, so to speak.

However, this requires a reliable IT security policy. This relies not only on progressive technology, but also on an appropriate firewall. IT security is defined by continuous updates and qualitative combating of security gaps.

Review 2021: IT security is a very dominant topic in the IT industry and is associated with a constant striving for quality. In addition to process digitization, increasing the speed of data management and developing digital products is also a challenge for future IT.


Post-growth & Green-IT - b.r.m. in the resource efficiency event series of Thega


Post-growth & green IT - b.r.m. in Thega's resource efficiency event series. As part of the "Resource Efficiency Qualification", Thega from Thuringia offers further training for consultants. This is carried out with the support of the Thuringian Ministry of the Environment's State Initiative for Resource Conservation. In what is now the third block of the series, practical examples will be discussed and we are particularly pleased that Mr. Harald Rossol will be able to present b.r.m. and the award-winning green IT data center.

Qualification for resource efficiency through the Thega

SMEs can receive funding for resource efficiency measures through the Thuringian GREEN Invest funding program. The consultancy itself is also supported. Thega's series of events focuses on the continuous training of experts in the field of resource efficiency. In particular, the methods and instruments for analyzing and increasing resource efficiency in production processes are addressed. Theory and practice will be discussed over a total of 6 days. On 27.04.2022, various practical examples of resource efficiency will be presented, including b.r.m.'s green IT data center.

Energy and resource efficiency in data centers - Green IT

The environment and IT must not and should not be thought of separately. The energy costs of IT systems are still not recorded separately and therefore cannot be optimized.

The focus of new IT systems is on energy efficiency while maintaining high quality and security. We have developed a cost-effective operating concept that can save more than 60% energy - using standard market software and server components.

b.r.m. is a pioneer in green IT and helped develop the 'Blue Angel' certificate for energy-efficient data centers in collaboration with the German Federal Ministry for the Environment, Nature Conservation and Nuclear Safety and the German Federal Environment Agency. Our energy-efficient data center has been certified for quality, environment and occupational safety with its integrated management system according to 'ecostep' since 2005. In the same breath, the association blühfläche.de e.V. should also be mentioned, which is committed to the preservation and development of flowering areas and strips in northern Germany.

Post-growth leads to sustainable companies

These and other companies are synonymous with the efficient use of resources and their careful handling under the term post-growth. The fact that post-growth & green IT is also represented by b.r.m. at the Thega series of events on resource efficiency is naturally a particular pleasure for us. The basic idea behind the alternative economic model "post-growth economy" is that the economy should also function without growth. The current competition in the economy, which is all about faster, higher and further, is depleting natural resources.

As early as 1972, the Club of Rome warned of the consequences of unchecked economic growth. The path to post-growth can begin with small steps. For example, reducing output can lead to an improvement in quality. Certain products and services should be offered less, but in higher quality. 

This topic was also recently discussed in Impulse magazine, in whose article b.r.m. is also cited as an example. Interested readers can find these articles here.

IT services and IT security - the right partners at hand

In an increasingly digital world, modern IT services are more in demand than ever, as is an attitude towards solid IT security. In addition to qualitative and rapid processing of upcoming tasks by effective service providers, the area of data and network security, or IT security for short, is still an often underestimated sub-area.


As stated by our expert partner Sonicwall in the latest annual report, cyber attacks by ransomware and encrypted threats are increasing significantly. Ransomware attacks in particular have risen by 105% compared to the previous year and by as much as 232% compared to 2019.

In addition to our data protection resources through Harald Rossol and Thorsten Brendel, we also have extensive expertise in IT security and GDPR. Together with our partners, we have the concepts to keep your security up to date.

Ransomware - money or computer?

The method of extorting a 'ransom' by blocking the computer has increased considerably in recent years. The user of a computer then only sees the attackers' 'ransom note' on the monitor. The particularly perfidious thing about this is that if the victim agrees to the demand, their computer usually remains blocked anyway. It is therefore very rare to be able to 'buy your way out'.

Ransomware no longer affects just one operating system. Whether Linux, Mac OS or Windows, all users are affected by this digital form of highway robbery. There have also long been many instructions for building ransomware, known as 'crimeware kits', on the DarkNet. Ransomware usually does not encrypt the entire computer, but rather the data that is important to the user, such as the 'My Documents' folder under Windows.

Protection against ransomware is similar to protection against other viruses or Trojans. For example, a user receives an email with the attachment of an unpaid invoice, with a threat of punishment from the Federal Criminal Police Office, or with alleged usage violations by GEMA. Anyone who opens such an attachment has then handed the blackmailers the 'house key' themselves.

You should therefore NEVER open an e-mail attachment that does not come from an absolutely trustworthy source. GEMA and the BKA still use the good old letter post. It is also important to regularly back up all relevant data on external data carriers, as this keeps it out of reach of the blackmailers. Browsers can be protected against the execution of Java commands by installing applications such as 'NoScript', and ad blockers also offer increased protection.

Firewall: Overcoming walls

A program must always open a 'port' - or at least a porthole - if its generated content is also to be visible on other monitors worldwide. As in the case of a homepage, for example. Where something can leave such a 'port' or 'harbor' into the virtual world, something can of course also enter it. This is why 'firewalls' were created to protect a computer from unwanted access from the network. These security programs make sure that only the desired guests enter the home port according to defined rules. As a rule, every access must overcome two such protective walls: the first at the provider, the second at the client on the network computer.

Privacy by design - IT security as a holistic concept

The two terms 'privacy by design' and 'privacy by default' are older than the new General Data Protection Regulation (GDPR). However, the law has given them a whole new meaning (Art. 25 GDPR).

'Privacy by design' means that the technical structure of a data processing system must be designed in such a way that data protection is automatically integrated into the system. In other words, data protection and IT security must be a system feature. This is done through the 'Technical and Organizational Measures' (TOM) when installing the computers and implementing their programs. This is the manufacturer's turn.

'As quickly as possible', 'create transparency', 'minimize', 'enable' - all phrases that have so far created little more than a wide scope for interpretation.
In short, the rule of 'privacy by design' does not allow for a standardized answer; it depends on the respective data protection requirements. However, it is clear that the possible requirements of the GDPR must be taken into account when setting up a data processing system and when selecting and implementing the technology and software used.

Interested readers can find the complete Cyber Threat Report 2022 from our partner Sonicwall here.