Cyber security of companies is a legal obligation in accordance with KVKK + 5651 + sector legislation.
Basic Precautions
- Firewall (hardware/software)
- Antivirus/EDR
- Backup (3-2-1 rule)
- Encryption (database, transport)
- 2FA all in accounts
- Access management
- Patch management (updates)
- Employee training
Advanced
- SIEM (Security Information and Event Management)
- Penetration testing (annual)
- Zero Trust architecture
- Zero-day monitoring
- SOC (Security Operations) Center)
Employee Training
- Phishing simulation
- Password management
- Social engineering awareness
- Data classification
- Lost/stolen device procedure
Incident Response Plan IRP (bank)
Insurance
- Cyber insurance
- Data breach intervention policy
- Business interruption compensation
- KVKK penalty protection
Supreme Court 11. HD and KVKK Board
Courts and The KVKK Board accepts that companies are obliged to take "reasonable cyber security measures" and that in case of negligence, liability will arise towards the victim and the KVKK.
Informatics and KVKK expert lawyer is recommended.