Keep programs up to date

Vulnerabilities in office applications and other programs are still one of the main gateways for cyber attacks. If these security vulnerabilities are identified, the manufacturers generally provide security updates, also known as patches, to resolve them. Gain an overview of the programs used in your company and make sure that security updates are applied as quickly as possible, or use the frequently available automatic update function.

• BSI-Empfehlung: Management von Schwachstellen und Sicherheitsupdates - Empfehlungen für kleine Unternehmen und Selbstständige [BSI recommendation: Management of vulnerabilities and security updates--recommendations for small-scale companies and freelancers]
• Tips for consumers: Tips on update and patch management

The right way to handle passwords

Easily memorised phrases such as "123456" are still top of the most commonly used passwords. They make it easy for cyber criminals to access accounts that do not belong to them and, for example, access confidential data or make purchases in your name. By choosing secure passwords and managing them appropriately, you can significantly increase cyber security in your company.

• Tips for consumers: Creating secure passwords
• Tips for consumers: How to handle passwords securely

Back up data on a regular basis

Create backup copies of your data and test them on a regular basis. They will help to keep you safe if computers are affected by viruses or stolen. In particular, this enables you to prevent damage caused by ransomware, which is currently extremely popular among cyber criminals.

Tips for consumers: Tips for creating backups

Train all employees

In the context of information security, the "human factor" plays a crucial role. One false click on an e-mail attachment is all it takes to allow malware into your company. That's why it is important to give all employees an overview of where cyber risks can be found in their everyday work, and how to identify and respond to them in the appropriate way.

• Services of the Alliance for Cyber Security
• IT-Grundschutz: Personnel safeguards

Complete emergency exercises

Make sure your company is prepared for any potential incidents. Complete exercises and run through new scenarios on a regular basis. Apply the crisis response mechanisms: who is allowed to decide whether to shut down all computers or take the webshop offline? Who can be contacted outside office hours in the event of an emergency, even if the network is unavailable? Who is authorised to make decisions?