10 cyber security tips for companies

Digitalisation is advancing rapidly at small and medium-sized enterprises as well, where it is opening up completely new opportunities. If their systems are not adequately protected, however, cyber criminals will also have a great many opportunities to spy on sensitive data and sabotage equipment or processes. Furthermore, companies have to make sure they have protected every single one of their potential weak points – after all, an attacker only needs to spot one. This is why it is so important to have a comprehensive security concept in place.
With these 10 tips, we will show you how to get started on building a complete protective framework. You can also use them as a checklist to make sure every one of these key factors is being given due consideration alongside your day-to-day business dealings. Cyber security is only effective when we see it as a challenge we need to face together, day in, day out, as an integral part of a company’s strategy, culture and processes.
How to protect your company
Tip 1: Cyber security is an executive-level concern
If you want to benefit from digitalisation, you have to understand that information security is an essential component that needs to be ensured every step of the way. Information security is a strategic topic, which makes it the responsibility of senior management.
Tip 2: Improve your cyber resilience
Make sure your company is prepared for any potential incidents. Carry out drills and run through new scenarios on a regular basis. Apply crisis response mechanisms: for instance, who is allowed to decide whether to shut down the web server? Which network segments can be taken offline? Who can be contacted outside of office hours in the event of an emergency, even if the network is unavailable? Who is authorised to take decisions?
Tip 3: Networks protect networks
Sharing information about threats and examples of excellent protection systems with other organisations is an important part of establishing effective safeguards. Become a member of UP KRITIS, which is a public-private cooperation involving critical infrastructure operators and the responsible government agencies, or of the Alliance for Cyber Security, the BSI’s platform for exchanging information.
Tip 4: Manage your cyber risks
Continuously monitor your company’s specific threat landscape and put appropriate technical, organisational and procedural safeguards in place.
Tip 5: Protect your 'crown jewels'
Not all data is equally important or crucial for your company’s success. Draw up an inventory of the data available in your company and classify it according to its importance. The most valuable data should be the best protected.
Tip 6: Back up your data
Create backups and test them. Cyber attacks using ransomware are a lucrative business model for cyber criminals and can bring a company to the brink of going under. If your data has been backed up, however, this type of blackmail simply does not work. Backups should be created (and tested) regularly to ensure they are functional, consistent and up to date.
Tip 7: Involve your employees and provide regular training
Implementing cyber security safeguards may make workflows more complex. What’s more, employees themselves may be targeted by cyber attacks. That’s why a key aspect of cyber security is raising employee awareness of IT security matters or types of attack by running internal campaigns and providing regular training.
Tip 8: Patch, patch, patch
Gain an overview of the hardware and software used in your company and make sure that security updates provided by manufacturers are applied as quickly as possible. The risk of a successful cyber attack drops significantly when software and firmware are up to date.
Tip 9: Encryption should be the norm
Encryption protects against information leaking out. Consistently applying secure cryptography needs to become the rule in Germany rather than the exception.
Tip 10: Make use of what the BSI has to offer
Establishing a system of IT security within a company and ensuring its long-term effectiveness is a complex task. As Germany’s national cyber security authority, the BSI is here to help. It provides information on standards and initiatives, as well as situation reports, recommendations and a host of more in-depth publications. As a member of the Alliance for Cyber Security, you can also benefit from an individual dialogue with experts and other users from the business world.