Cyber security is embedded in the departments, that are directly connected with IT activities, since the matter principally concerns information technology-based processes. In 2021, these departments included the internal IT, the team responsible for the data center infrastructure, and the team responsible for Steiger, Northern Data’s software for the management of data centers and mining.
For the group-wide workforce, Northern Data provides a cyber security guideline that offers recommendations and sets rules in the fields of email security, password protection, and multi-factor authentication. To ensure compliance, all employees are obliged to assess a data privacy training once a year. In addition, newly hired employees are receiving an IT guide during onboarding, and training materials and information are provided on the intranet and via IT newsletters regularly. For the employees working with Steiger Software, Northern Data provides additional guidelines covering the matters of network security (ensuring security in internal networks), 2-factor authentication, penetration-testing, and SSL (securing Internet connections and protecting sensitive data transferred between two systems). Besides, the Steiger Team meets quarterly to discuss developments in the fields of data center network infrastructure and security.
To manage incidents and breaches in the internal IT, several security mechanisms (Defender for Endpoint, Defender for O365, Identity Security), that all report to one central location are applied. Depending on the incident, the management system automatically executes actions or calls for a manually executed action. In addition, every installed software is analyzed frequently for possible vulnerabilities and outdated versions. Steiger Software has its own management system, that performs regular tests, and automatically provides notifications in case of internal or external cyber security threats. Therefore, in the case of a pool change, that implicates crypto rewards running into another wallet, the management system would directly alarm. In 2021, Northern Data reported 0 cyber security breaches, whereas a breach is defined as a case of an unimplicated pool change.