Spring naar hoofd-inhoud

IT Security Act: Software Updates Are Now Required by Law in Germany

Information technology continues to evolve rapidly and the associated threats and risks evolve along with it. In response to new critical vulnerabilities in all kinds of IT infrastructure, the German Federal Government enacted the 2015 IT Security Act (IT-Sicherheitsgesetz) which has been fully in force since 2017. The act makes it mandatory to keep critical software infrastructure–including websites–secure, including using updated, supported versions. The law aims to make infrastructure safer and protect users and their sensitive data. Website owners whose sites are in infringement of the the legislation face potentially stiff penalties.

If you’re not sure about the state of your website, get in touch with TYPO3 GmbH to find out more about keeping it secure and up-to-date.

Mandatory updates, mitigating risks

The law aims to help prevent loss of control over critical IT systems and infrastructure. Recent cyber-attacks have shown not only how vulnerable websites and other systems are, but also how severe the consequences can be.

The new German cyber-security law orders operators of critical infrastructures to implement specific IT security standards, and also introduced the obligation to report serious IT security incidents or face penalties. With news of credit card data loss, online fraud, identity theft, and more almost daily, we can see that website owners fall into the legal category “operators of critical infrastructure.” One of the easiest and most effective ways to maximize website security and stability is using up-to-date and supported software.

Websites as critical infrastructure

The definition of “operators of critical infrastructure” is those who provide services of general interest. It’s easy to see that this definition applies to those whose facilities are of high importance and whose outage or impairment would cause significant supply shortfalls, impair everyday life, or even endanger public safety. This obviously applies to services like energy, water, health care, transportation, and traffic. Telecommunication and information technologies–including websites–have become just as much a part of critical infrastructure today. With business processes almost entirely reliant on computers and websites, many organisations simply cannot function without them.

Safeguarding critical information technology is now mandatory. Organizations must do their part in protecting and securing all their systems to the best of their ability.

Prevention is better (and cheaper) than cure

Running a website on outdated software has become not just a question of “best practices,” but is now also a legal issue. The IT Security Act requires website owners to adopt adequate technical and organizational measures against unauthorized access of any kind. Picture what the loss of business-critical information could be to you. What would it it cost you per hour or per day if your site went down? And the cost of fixing that asap? Don’t just consider the monetary cost of lost business now; what about the loss of trust and reputation with your customers?

Compare all of that to the peace of mind of getting your site up-to-date today and secure in the long term. And you can. One easy and effective measure for staying on top of maintenance and security is using current versions of supported and maintained software and installing updates when they come out.

Maintained, supported, secure: TYPO3 CMS

TYPO3 CMS is a great choice in this context. It is actively maintained, has clearly defined update and support cycles, and is backed both by its developer and service provider communities. The community supports every Long Term Support (LTS) version of the CMS for three years after release with security and bug fix releases. A new, stable, major version of TYPO3 CMS is released every 18 months. This means that there are always two stable, supported versions available.

Furthermore, TYPO3 GmbH backs the CMS with further services, including project reviews to get a clear picture of the state of your website, focusing especially on security and stability. TYPO3 GmbH also offers Extended Long Term Support to keep older versions of the CMS secure while you prepare for upgrades and can introduce you to the right web agency partner or freelancer to help make that happen. Secure the business value of your site by choosing TYPO3 CMS and keep your business on the right side of your legal obligations.

Get in touch with us at TYPO3 GmbH to find out more about keeping your critical infrastructure secure and up-to-date.