Article Mar 12, 2024

The Pexip security team shares top 3 tips for getting NIS2 ready

Pexip

Mar 12, 2024

Pexip

With the EU’s latest cyber security directive deadline looming, companies are now getting their ducks in a row to secure NIS2 compliance. This is a journey that Pexip is also on, and our security team shares some important tips for how to get started.

With NIS2, the EU is expanding the reach of their cyber security legislation, both in terms of the types of industries in scope, as well as the risk management and cyber preparedness measures required.

NIS2 officially goes into effect on 17 October 2024, giving companies the next few months to determine if they are impacted by the directive and how. Compliance will take dedicated effort across an organization, requiring leaders especially to allocate enough time and budget to boost their company’s level of cyber security maturity.

Pexip’s security experts have a few tips for companies embarking on their NIS2 journeys, here's what they recommend:

Tip #1: Conduct an applicability assessment

You need to know how NIS2 affects your company. Are you in scope? Which products are impacted? And where are you on the scale of criticality, in terms of your company’s societal role and relevance of your products and services. All of this must be well understood and carefully evaluated before you start implementing any new frameworks to the organization.

Tip #2: Look to ISO 27001 to set your baseline

NIS2 has high-level cyber security requirements for impacted organizations. For companies that haven’t yet implemented a cyber security management framework, a good first step is to look at ISO 27001. By implementing this international standard to manage information security, your company will be compliant with most of the baseline security measures required by NIS2. There are of course some requirements in NIS2 not covered by ISO 27001, such as incident reporting withing 24 hours and supply chain security, which will require additional resources and planning.

Tip #3: Ensure senior management accountability

It’s critical that senior management take responsibility for NIS2 compliance, as they can be deemed personally liable in the event of a violation. To meet this requirement, it’s key that company leaders take NIS2 seriously by stepping up their cyber security approach and allocating both budget and resources to cyber risk management and business continuity.

The importance of business continuity planning in NIS2

One of the key areas within NIS2 is the business continuity of ICT systems. The directive requires companies to be able to answer the question: what happens when your ICT systems are compromised?

It’s in this part of the NIS2 directive in which video conferencing becomes very relevant. Video communication and collaboration has become a staple of the average workday, and if compromised the company can suffer significant productivity losses. This is why it’s important to have a plan in place, and the right technology available no matter the incident.

Pexip has taken a proactive position in the business continuity area, ensuring that its product can be made available even in the event of a cyber-attack and/or system failure. Customers opting for Pexip’s business continuity solution can simply activate Pexip’s video conferencing solution at the time of the incident, running a self-hosted version of Pexip scaled to meet the communication needs of the company.

At Pexip, we see that our customers are increasingly prioritizing cyber security and risk management. For this, they may opt for an always-on secure meeting option – available alongside their regular video meeting option. Having a secure meeting solution readily accessible for all employees is a way to minimize the risk of cyber breaches and ensure the right level of protection for the types of meetings you have.

Get started on your business continuity planning. We’re here to help you ensure video communication and collaboration no matter what. Find out more here.

Topics: