NIS 2 Directive: Challenges and Solutions for Businesses – Enhancing Cybersecurity with TeamViewer

27 August 2024

NIS 2 Directive for companies

The NIS 2 Directive (Network and Information Security Directive) is intended to significantly improve cyber security throughout the European Union from October 2024.
For companies, this essentially means tightening up their IT security.
From now on, companies will have to carry out systematic risk assessments of their IT infrastructure and software and implement suitable security measures based on the results.
Particular attention is paid to the responsibility of management: the directive requires top management to be actively involved in the monitoring and implementation of security controls.
In addition, managers can now be held personally liable in the event of security breaches.
This regulation shows how seriously the EU takes the threat of cyber attacks.
Not only that: it underlines the need to consider cyber security as a central task of corporate management.

What is the NIS 2 directive?

The NIS 2 Directive is a further development of the European Union’s original NIS Directive from 2016.
One of the main changes in NIS 2 compared to the first directive is the expansion of its scope of application.
In detail, this means that the NIS 2 Directive now covers a much wider range of sectors and companies:

  • Expansion of the sectors affected: While the original NIS Directive mainly covered critical infrastructures such as energy, transportation, healthcare and financial services, the NIS 2 Directive goes beyond this.
    It now also includes sectors such as digital service providers (e.g. cloud service providers and online marketplaces), postal and courier services, public administrations and even waste management.
  • Categorization of companies: NIS 2 distinguishes between “essential” and “important” companies.
    “Essential” companies are those that provide critical services whose failure would have a significant social or economic impact.
    “Important” companies are those whose failure would also have significant but somewhat less critical consequences.
  • Increased requirements and reporting obligations: Compared to the original directive, all affected companies must now implement more detailed and faster cyber security measures.
    This includes the obligation to report cyberattacks or hacker attacks within 24 hours and to submit a comprehensive report within 72 hours.

Extended state supervision under the NIS 2 Directive

The NIS 2 Directive also places a strong focus on increased state supervision, particularly in critical infrastructures.
This supervision is intended to monitor the consistent implementation of the directive.
For this reason, all companies that fall under NIS 2 are obliged to register with the relevant authorities.
In Germany, this task is carried out by the Federal Office for Information Security (BSI).

Another key component of extended state supervision is the obligation for companies to provide evidence of compliance with safety requirements.
This evidence can be provided in the form of internal and external audits, test reports and other documentation.

The powers of the state supervisory authorities will also be extended.
From now on, the BSI and other competent authorities will have the right to carry out unannounced inspections, request evidence and information and investigate security incidents.

At the same time, the NIS 2 Directive promotes cooperation between national authorities within the EU.
This cooperation is crucial for uniform enforcement of the directive and cross-border combating of cyber threats.

Which companies are affected by the NIS 2 Directive?

In Germany, the companies concerned can be divided into four main categories:

  • Operators of critical facilities (KRITIS)
  • Particularly important facilities
  • Important facilities
  • Federal institutions

1. Operators of critical facilities (KRITIS)

These companies play a central role in the national infrastructure.
Their failure would have serious social and economic consequences.
KRITIS includes:

  • Energy suppliers: Companies that provide electricity, gas or oil and supply at least 500,000 people.
  • Healthcare providers: Hospitals and other healthcare facilities.
  • Transportation services: Operators of airports, railroads and ports.
  • Water management: Companies that are responsible for the supply of drinking water and the disposal of wastewater.

2. Particularly important facilities

These facilities are classified as particularly important due to their size and importance.
They must either exceed a certain number of employees or reach a certain economic threshold:

  • Large companies: Companies with more than 250 employees or an annual turnover of more than 50 million euros and a balance sheet total of more than 43 million euros.
  • Special cases: These include providers of trust services, top-level domain registrars (TLDs), domain name system (DNS) providers and telecommunications providers that provide special services.

3. Important facilities

This includes all companies that play a key role in the economy but do not reach the size or significance of “particularly important institutions”:

  • Medium-sized companies: Companies with more than 50 employees or an annual turnover of more than 10 million euros and a balance sheet total of more than 10 million euros.
  • Trust services: These include providers of services that ensure trust in digital transactions, such as electronic signatures.

4. Federal institutions

In addition to private and commercial companies, certain government institutions are also covered by the NIS 2 Directive.
These institutions are responsible for the provision of essential government services and must therefore also meet stricter security requirements from now on.

How must NIS 2 be implemented?

In order to meet the requirements of NIS 2, the companies concerned must:

  1. Carry out a thorough risk assessment of their IT systems and data.
    This should identify potential threats and vulnerabilities.
    The risk assessment must be updated regularly.
  2. Develop and implement security guidelines: Based on the results of the risk assessment, specific security policies need to be developed.
    These policies should include technical measures such as encryption technologies to secure sensitive data and the introduction of multi-factor authentication (MFA) to prevent unauthorized access.
  3. Set up technical measures.
    These include:
      • Data encryption
      • Multi-factor authentication
      • Regular security updates
  4. Develop organizational measures.
    These include:
      • Regular employee training and awareness-raising
      • Protocols for incident management
  5. Set up an incident management system to quickly identify, report and resolve security incidents.
    This also includes the obligation to report incidents to the relevant authorities within certain deadlines.
  6. Provide evidence of compliance with the security requirements.
    Operators of critical facilities or infrastructures (KRITIS) are subject to mandatory audits every three years, while other facilities are subject to mandatory documentation and random inspections by the authorities.

Significance of the NIS 2 Directive for companies using TeamViewer

In general, the NIS 2 Directive poses new challenges for all companies that work with software and personal data – especially software manufacturers.
After all, the directive requires companies to give security a stronger focus in how they develop and use software.
But what happens when other software is used to grant remote access to other people’s computers?
Companies that use TeamViewer for this purpose must now ensure that the use of the tool fully complies with the requirements of NIS 2.

In concrete terms, this means:

  • Only authorized users may have access to critical systems.
  • Multi-factor authentication (MFA) and encrypted sessions must be set up for this.
  • All access and remote sessions must be logged precisely.
  • An incident management system must be in place to quickly detect and report security incidents.

How TeamViewer helps with NIS 2 compliance

TeamViewer has already made provisions for this.
The software contains numerous functions that are directly geared towards compliance with the NIS 2 directive.
These are:

Increased security and compliance

  • Remote Access Control: TeamViewer can be configured to meet the security requirements of NIS 2.
    This includes features such as multi-factor authentication (MFA), encrypted sessions and granular access controls.
    This means that only authorized persons have access to critical systems.
  • Audit and monitoring: All remote sessions are accurately recorded and logged.

Incident Response and Management

  • Rapid response: In the event of a cyberattack, TeamViewer allows you to respond quickly from a distance.
    IT teams can immediately access affected systems, diagnose damage, make corrections and take security measures.
    The faster you react, the less damage is caused.
  • Collaboration tools: TeamViewer’s collaboration functions allow several experts to work together in real time on a problem and solve it.

Resilience and continuity

  • Remote support for critical infrastructures: TeamViewer can also be used to maintain critical services.
  • Business continuity planning: As part of a wider business continuity strategy, TeamViewer ensures that remote working and support runs seamlessly to keep the business running – another key point of NIS 2 compliance.

Training and awareness

  • Secure remote training: The functions of TeamViewer can be used for remote training of employees – especially to train the contents of the NIS 2 directive.

All these functions make TeamViewer a useful tool for companies that want to bring their IT security in line with the requirements of the NIS 2 directive and that also want to ensure that their remote access will continue to be secure and controlled in the future.

Contact

Get ready for the NIS 2 Directive! Learn how to secure your business and stay compliant with the new regulations. Discover how TeamViewer can help you enhance your cybersecurity. Contact our product manager Greg Clarke today for a personalized consultation!
