In this age of digitalisation, small and medium-sized enterprises also need to develop their expertise in relation to cyber security. This ‘Getting started’ page offers SMEs a chance to approach the subject step by step. It starts by explaining the basic rules of cyber security, which are followed by a set of short videos that explain key aspects of information security and cyber security. The last video, for example, uses a real global hacker attack in 2021 to show how the BSI can help SMEs in a worst-case scenario. Guidance is then offered on handling an IT security incident, and the IT Emergency Sign is also mentioned.

If a company cannot field a team with an appropriate level of expertise in information technology and cyber security internally, we recommend contracting out this work to an IT service provider.

Basic elements of cyber security

You don’t have to be an expert in cyber security to follow a few basic rules on the responsible handling of information technology.

Information about the basic elements

• Updates
  Always keep your software up-to-date by applying security updates.
• Passwords
  Always use strong and unique passwords wherever possible. One option here is to use a password manager.

• Two-factor authentication

  Get an additional layer of protection: alongside the first factor (usually a password), you can use your fingerprint or a TAN as the second step in the process.

• Antivirus protection

  This software checks an entire device for signs of an infection.

• Firewall

  This protects against external attacks and also stops programs like spyware from establishing a connection from an infected device to the internet.

The aspect of backing up data must also be addressed as a matter of urgency. If usable backups are not available, in may be impossible to restore data after an incident.

More tips on how to ensure secure use of in-house IT and the internet.

Beyond the basics, the BSI recommends achieving a base level of protection according to IT-Grundschutz unless other regulations require a higher level for certain kinds or sizes of businesses or specific industries.

Explainer videos (in german language)

Security updates

Regular security updates protect against cyber attacks

Backups

There's no excuse for having no backup. How good is your backup strategy?

Secure handling of passwords

Using secure passwords

A password manager is the best approach

E-mail security

E-mail – a trap for the unwary: check carefully before you open and click anything!

Faked e-mails and ‘phishing’ for passwords

Browser security

Remember browser security when you’re on the web!

User accounts

Is your whole family and/or other colleagues using your work computer to surf the internet?

Criminal networks

Is your PC already part of a criminal network?

A real-world example – the worst-case scenario

A real-world example: the impact of a global hacker attack from the perspective of small and medium-sized enterprises – effects, consequences, responses -> recommendations

Guidance on handling an IT security incident

I'm dealing with an IT security incident – what should I do?

The document Ransomware: Erste Hilfe bei einem schweren IT-Sicherheitsvorfall Version 1.2 provides a set of ‘first aid’ measures to take in the event of a serious IT security incident.

The Maßnahmenkatalog Ransomware is designed to counter a potential ransomware attack and also provides a list of necessary preventive measures.

The executive summary Ransomware: Managementabstract Fortschrittliche Angriffe reports on new aspects seen in recent attacks.

The IT Emergency Sign

Based on the familiar ‘In the event of fire’ posters, the IT Emergency Sign (‘In the event of an IT emergency’) is a new sign that gives employees a quick overview of the most important immediate actions to take, plus IT emergency contact information.

IT Emergency Sign – your introduction to IT business continuity management