|We are now TISAX certified||https://aec.cz/en/news/Pages/we-are-now-tisax-certified.aspx||We are now TISAX certified||<p>We have recently added another important standard to the list of our security certifications. Following the implementation of all necessary measures and subsequent verification by auditors, we have obtained TISAX® certification. This is a German security standard that guarantees the trustworthiness of organizations and their ability to protect the information of automotive industry partners.
</p><p>“Our efforts to obtain TISAX® certification were helped considerably by the fact that we have long been compliant with the current international ISO/IEC 27001 standard, which defines the requirements for information security management systems,” noted Hana Vystavělová, AEC Compliance Manager, who added: “As a company that offers its clients the highest level of cyber security, information security comes first.”
</p><p>Over time, representatives of the automotive industry have come to demand the systematic and trustworthy information security assessment of partners in the form of TISAX® (Trusted Information Security Assessment Exchange) certification. The reason for this is the growing amount and importance of sensitive information exchanged and processed between automotive service providers and suppliers.
</p><p>The TISAX® certification guarantees AEC's ability to protect the information of our clients and associates and minimize cyber risks. This confirms our ability to meet the most demanding customer requirements, including preventing misunderstandings and risks when exchanging information and protecting prototype <a href="https://portal.enx.com/en-US/TISAX/tisaxassessmentresults/?fbclid=IwAR0qPrh1b-SINsf80FlvVsEJkV945pC6ikH_RZENda7AhiP-kpl7mu6MxdU" target="_blank">the ENX portal</a>. </p><p style="text-align:center;">
<img class="maxWidthImage" src="/cz/PublishingImages/news/2022/aec-tisax-statement-2022.jpg" data-themekey="#" alt="TISAX" style="margin:5px;width:658px;" />
|An open letter from the Chairs of KKCG||https://aec.cz/en/news/Pages/an-open-letter-from-the-chairs-of-kkcg.aspx||An open letter from the Chairs of KKCG||<p>Everyone at KKCG and Allwyn Entertainment remains horrified by Russia’s brutal invasion of Ukraine. It is a senseless act of aggression that must be condemned in the strongest possible terms, and we are doing all we can to support the brave Ukrainians impacted by the barbarism of Vladimir Putin’s regime.
</p><p>As Czech companies with tremendous pride in our heritage, the past week has been a bleak reminder of the hard-fought freedoms our country only recently reclaimed after spending years under the jackboot of Soviet oppression. Many of our employees – including us personally – were raised under communism and the totalitarian shadow of the Soviet Union. Despite being wrapped in this straightjacket, we long dreamt of living, working and raising our own families in a Czech Republic that valued freedom, openness and democracy.
</p><p>That’s why we must now stand shoulder-to-shoulder in total solidarity with the Ukrainian people to protect the democratic values upon which our modern societies are built. We cannot and will not stand for the brutal imperialism that is once again rearing its ugly head on our doorstep.
</p><p>Now is the time to listen to the people of Ukraine and do everything in our power to support them. Hundreds of thousands of people with nowhere to stay are fleeing eastern and central Ukraine for the Lviv area. Through the Komárek Family Foundation and our partner in Lviv, we are supporting efforts to prepare for the arrival of large numbers of refugees by ensuring these people have a safe and warm place to sleep and be fed. Trucks equipped with durable food, mattresses, sleeping bags, camping mats, hygiene products, and other supplies are currently arriving in the area. One of the Group's offices in Prague is already being converted to a safe centre for Ukrainian refugees.
</p><p>Allwyn Entertainment’s lotteries are raising funds for the Red Cross, and employees are being encouraged to engage in volunteer work. Humanitarian and financial support will continue as long as it is needed.
</p><p>We also believe that any friends of the Putin regime must also be excluded from our democratic societies. We’ve already seen many cultural and sporting institutions take important action, and through our continued support for Dvořákova Praha – Prague’s international music festival – we have also banned Kremlin-linked musicians, including the composer Valerije Gergiev, a known supporter of Putin, from performing.
</p><p>We recognise that these are only small acts in comparison to the thousands of brave Ukrainians who have taken up arms to defend their homeland and freedoms. However, we believe it’s the responsibility of anyone who values free and democratic values to play their part, no matter how big or small. It is critical that we all speak out.
</p><p>Karel Komarek, KKCG <br>
Robert Chvátal, Allwyn Entertainment
|We’ve prepared preventive recommendations regarding current security threats in cyberspace||https://aec.cz/en/news/Pages/weve-prepared-preventive-recommendations-regarding-current-security-threats-in-cyberspace.aspx||We’ve prepared preventive recommendations regarding current security threats in cyberspace||<p>
<strong style="color:#6773b6;"><span style="color:#6773b6;">The conflict between the Russian Federation and Ukraine involves not only the armed forces of both countries; the war is also increasingly affecting cyberspace. Hacker groups on both sides have launched massive cyberattacks, and it is already clear that the unprecedented level of aggression is also focused on IT targets in countries that are not directly involved in the dispute.</span></strong><br></p><p>Attacks are currently targeting critical infrastructure, especially in the fields of public administration, government, energy and healthcare, but attacks on other important sectors cannot be ruled out. We’ve therefore decided to respond to the current situation before our clients start contacting us about possible preventive measures.<br><br> </p><h2>The following attacks can be expected at this time:</h2><ul><li>use of social engineering techniques (<a href="https://www.antivirus.cz/Blog/Stranky/co-je-phishing.aspx">phishing</a>, vishing, smishing), </li><li>misuse of leaked login data from other services,</li><li>attacks on supply services,</li><li>distributed denial of service (DDoS) attacks.</li></ul>
<p>The access point in most attacks is the user or user device. Therefore, we will divide our recommendations on how to boost cyber security into recommendations aimed at regular users and corporate infrastructure and processes.<br><br> </p><h1>We recommend the immediate implementation of activities in the following areas for users:</h1><h2>1. Education<br></h2><ul><li>Regardless of the ongoing conflict, it is vital to systematically increase the resilience of users, especially in their recognition of phishing, vishing and smishing.</li><li>You will find news regarding the current situation on our blog
<a href="https://www.antivirus.cz/">antivirus.cz</a> (in Czech language only).<br></li><li>At this moment, we are releasing one of our
<a href="https://edu.aec.cz/">Security Academy</a> courses on phishing free of charge.<br></li></ul><center>
<iframe width="560" height="315" src="https://www.youtube.com/embed/qw_fw5Fqaic" title="YouTube video player" frameborder="0" allowfullscreen=""></iframe></center>
<h2>2. Work with passwords and login details in general</h2><ul><li>Encourage the use of secure passwords (at least 12 characters, uppercase and lowercase letters, numbers and special characters). Change your passwords regularly, don't wait until they are compromised.</li><li>Use different passwords for different accounts (you can't use the same password for social networks and the corporate environment).</li><li>We recommend immediately activating two-factor authentication for all services, where possible (not just services in the corporate environment, but also free mail, social networks, cloud services).</li><li>
<em><span style="color:#6773b6;">We are preparing further details in the form of more intensive communication in this area.</span></em> </li></ul>
<h2>3. Update user systems<br></h2><ul><li>Right now is the best time to install the latest versions and patches on all user devices, including private ones.</li><li>In general, it is important to keep operating systems up to date, as well as the individual applications you use, both on your computer and on your phone, tablet, wearables, etc.</li></ul>
<h2>4. Reporting security events and incidents<br></h2><ul><li>Users need to know exactly how and where to report a security incident and what to do before getting a response to their report.</li></ul>
<h1>We recommend the following preventive measures at corporate infrastructure level:<br></h1><h2>1. In the area of communication infrastructure<br></h2><h3>a. Ensure that incoming and outgoing communications are blocked based on geolocation.</h3><ul><li>We prefer whitelisting areas where you have active clientele, or</li><li>blacklisting areas where you have no activities.</li></ul><h3>b. Establish a strict antispam policy.</h3><ul><li>If possible, whitelist the domains from which e-mail communication originates.</li><li>Activate an antispam solution, if available (e.g., MS Intune).</li><li>Restrict the receipt of external e-mail messages from your own domain. </li><li>Monitor the frequency of e-mail messages; ensure the antispam policy has not been breached and that phishing messages have not been spread within the internal network.</li></ul><p>(In terms of the last point, we recommend setting a frequency monitoring limit for current accounts. For example, a maximum of 5 recipients per email, or a maximum of 20 recipients per email for personal and marketing accounts. Inform the user of this fact.)<br><br> </p><h2>2. Monitoring and incident management</h2><h3>a. Ensure increased visibility across the entire infrastructure, including OT devices</h3><p>(monitor activities using EDR on end stations, internet-facing servers, critical servers, etc.).</p><h3>b. Improve processes for a quick response.</h3><ul><li>This is primarily an incident management procedure for managing cyber incidents in connection with incidents reported by users.</li><li>Scenarios or checklists will also help determine how to proceed in the event of a reported incident in typical situations (on user devices, OT equipment, maintenance tablets, etc.).</li></ul>
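<p>The two e-mail checks from section 1b (external messages that claim your own domain, and the per-message recipient limits of 5 and 20) can be run as detection logic over mail gateway logs. The following is an added example, not part of the original recommendations; the log format, the domain <code>example.com</code> and the exempted mailbox are assumptions made for illustration.</p>

```python
import re
from dataclasses import dataclass

OWN_DOMAIN = "example.com"   # assumption: the organisation's own mail domain
DEFAULT_LIMIT = 5            # recipients per e-mail, regular accounts (from the text)
RAISED_LIMIT = 20            # recipients per e-mail, exempted accounts (from the text)
RAISED_ACCOUNTS = {"marketing@example.com"}  # hypothetical exempted mailbox

# Hypothetical one-line-per-message gateway log format used for this example.
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>internal|external) "
                     r"from=(?P<sender>\S+) rcpts=(?P<rcpts>\S+)$")

@dataclass(frozen=True)
class Finding:
    ts: str
    sender: str
    rule: str

def _rcpts(n):
    return ",".join(f"user{i}@example.org" for i in range(n))

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    f"2022-03-01T09:00:01Z src=internal from=alice@example.com rcpts={_rcpts(2)}",
    "2022-03-01T09:02:10Z src=external from=ceo@example.com rcpts=alice@example.com",
    f"2022-03-01T09:05:42Z src=internal from=bob@example.com rcpts={_rcpts(6)}",
    f"2022-03-01T09:07:00Z src=internal from=marketing@example.com rcpts={_rcpts(20)}",
    f"2022-03-01T09:08:15Z src=internal from=marketing@example.com rcpts={_rcpts(21)}",
    "2022-03-01T09:09:30Z src=external from=partner@example.org rcpts=alice@example.com",
    "truncated-or-reformatted line",
]

def check_line(line):
    """Return the findings for one log line; unparsable lines are findings too."""
    m = LINE_RE.match(line.strip())
    if not m:  # do not let log-format drift silently hide messages
        return [Finding("-", "-", "unparsed")]
    sender = m["sender"].lower()
    domain = sender.rpartition("@")[2]
    own = domain == OWN_DOMAIN or domain.endswith("." + OWN_DOMAIN)
    findings = []
    if m["src"] == "external" and own:
        # Message arrived from outside but claims a sender in our own domain.
        findings.append(Finding(m["ts"], sender, "external-own-domain"))
    if m["src"] == "internal":
        limit = RAISED_LIMIT if sender in RAISED_ACCOUNTS else DEFAULT_LIMIT
        if len(m["rcpts"].split(",")) > limit:
            findings.append(Finding(m["ts"], sender, "recipient-limit"))
    return findings

def scan(lines):
    return [f for line in lines if line.strip() for f in check_line(line)]
```

<p>Findings from <code>scan()</code> are meant to feed the incident management procedure in section 2b; a limit breach on an internal account is a prompt to check that account for compromise, not proof of it.</p>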
<h2>3. Setting multi-factor authentication and conditional access</h2><p>(with the O365 Premium licence and higher, this is free as part of the licence).<br><br> </p><h2>4. Vulnerability management</h2><p>a. Apply all critical patches immediately.</p><p>b. Activate patch management procedures. Reconsider any patches that have not yet been implemented, assuming you accepted the risk at the time. Is this still valid?</p><p>c. Actively monitor vulnerabilities in the infrastructure and harden individual platforms according to CIS recommendations (primarily for internet-facing servers).</p><p>
<br>The question of defence against DDoS attacks, i.e., attacks aimed at disabling services, is so complicated that in most cases it will require
<a href="/en/contact">personal consultation</a>. At cloud service level, there are suitable solutions, and global load balancing or filtering incoming communication can help in case of on-prem infrastructure.</p>
<center><table width="75%" border="3px" background="#6773b6" bordercolor="#6773b6" cellspacing="0" style="text-align:center;"><tbody><tr><td valign="middle" bgcolor="#6773b6">
<h1><span style="color:#ffffff;"><span style="color:#ffff00;">Help Ukraine</span><br></span></h1>
<p><strong>The Karel Komárek Family Foundation crisis fund was established in response to specific needs identified by Ukrainian co-workers at our sister company MND, which operates in western Ukraine.</strong><br></p>
<h2><a href="https://www.komarekfoundation.org/en/vision/pomoc-ukrajine" target="_blank"><span style="color:#ffff00;">https://www.komarekfoundation.org/en/vision/pomoc-ukrajine</span></a></h2>
<p><br>100% of donations go to direct aid.</p>
<p><span style="color:#ffff00;">THANK YOU!</span><br></p>
</td></tr></tbody></table></center><p></p><p class="maxWidthImage" style="text-align:center;"><a href="https://www.komarekfoundation.org/en/vision/pomoc-ukrajine" target="_blank"><img src="/cz/PublishingImages/news/2022/kkff-ukrajina-en.jpg" data-themekey="#" alt="" style="margin:5px;width:658px;" /></a><br></p><br><br>|