Insights

Cybersecurity Blog

Analyses, practical tips and assessments from the world of IT security.

NIS2 Directive: The Complete Guide for Businesses in Germany

NIS2 has been in effect since October 2024 and affects up to 30,000 German companies. This guide explains who is affected, all 10 security requirements under Article 21, reporting obligations, fines, and how to implement NIS2 step by step.

Chris Wojzechowski

March 4, 202620 min read

Read article

204 articles total - Page 2 of 30

Compliance & Standards

GDPR and IT Security: Technical Measures under Art. 32

Article 32 of the GDPR requires appropriate technical and organizational measures (TOMs). This practical guide explains encryption, access controls, pseudonymization, privacy by design (Article 25), backup strategies, and why penetration tests serve as direct proof of GDPR compliance.

Chris Wojzechowski

March 6, 202618 min read

Security Awareness

Recognizing Phishing: The Complete Protection Guide for Businesses

How to spot phishing emails, respond correctly, and protect your business. Includes a checklist, immediate steps to take after clicking a link, and FAQs.

Chris Wojzechowski

March 5, 202612 min read

Network & Endpoint Security

Active Directory Security Audit: Finding and Closing Attack Paths in AD

Active Directory is the most common target of corporate attacks—whoever controls AD controls everything. This guide explains how to structure an AD security audit: Kerberoasting, Pass-the-Hash, DCSync, BloodHound analysis, the tiered admin model, LAPS, and Protected Users. Includes specific PowerShell queries and an audit checklist.

Vincent Heinen

March 4, 202612 min read

Network & Endpoint Security

DMARC Implementation: Step-by-Step from p=none to p=reject

DMARC (Domain-based Message Authentication, Reporting, and Conformance) protects your domain from email spoofing and phishing. This guide walks you through the entire DMARC rollout: SPF and DKIM as prerequisites, configuring the DMARC record, reporting analysis with forensic and aggregate reports, and step-by-step policy tightening from p=none to p=quarantine to p=reject. It also covers common pitfalls and DMARC monitoring tools.

Vincent Heinen

March 4, 202610 min read

Network & Endpoint Security

Identity Threat Detection and Response (ITDR): Detecting and Defending Against Identity Attacks

Identity Threat Detection and Response (ITDR) is the new security discipline for attacks on identity systems: Active Directory, Azure AD/Entra ID, and IAM platforms. This guide explains why traditional SIEM rules often overlook identity attacks (Golden Ticket, DCSync, Pass-the-Hash, MFA bypass), how ITDR solutions (Microsoft Defender for Identity, Silverfort, Illusive) close the gap, and which detection use cases and countermeasures organizations should prioritize.

Jan Hörnemann

March 4, 202611 min read

Security Awareness

Password Manager Comparison 2026: KeePass, Bitwarden, 1Password & More

Which password manager is right for you? A comparison of KeePassXC, Bitwarden, 1Password, and Steganos. Plus: mobile solutions, NFC cards, and recommendations for businesses.

Chris Wojzechowski

March 4, 202610 min read