Small and Medium-Sized Enterprises

Information and guidance for SMEs

Cyber attacks are increasingly targeting small and medium-sized enterprises (SMEs). Such attacks can often lead to huge losses while also damaging a company’s reputation. In many cases, information about customers and business partners and other sensitive data is accessed, changed, deleted, encrypted and/or published on websites used by cyber criminals. Hackers also frequently reuse this stolen data in later attacks and other criminal activities.

In other cases, SMEs are not the main target, but are nevertheless affected by large-scale attacks carried out using automated techniques. SMEs should therefore update their information security and cyber security systems and raise their employees' awareness of the correct use of information technology (IT) in response to the typical tricks and traps utilised by hackers.

On these pages, the BSI provides a selection of useful tips for both companies that lack IT expertise and businesses that already field their own corresponding teams or have outsourced this work to IT consultants.

Getting started

The Getting started page offers SMEs a chance to approach this subject step by step. Basic elements of cyber security are explained, followed by a set of short videos that cover key aspects of information security and cyber security. Guidance is then offered on handling an IT security incident, and the IT Emergency Sign is also mentioned.

Advanced protection

The Advanced protection page offers an overview for companies that are already familiar with modern IT practices and the typical jargon used, and that also field their own teams or have commissioned external IT service providers.

Guidance on handling an IT security incident


I'm dealing with an IT security incident – what should I do?

The document Ransomware: Erste Hilfe bei einem schweren IT-Sicherheitsvorfall Version 1.2 provides a set of ‘first aid’ measures to take in the event of a serious IT security incident.

The Maßnahmenkatalog Ransomware is a catalogue of measures designed to counter a potential ransomware attack; it also provides a list of necessary preventive measures.

The executive summary Ransomware: Managementabstract Fortschrittliche Angriffe reports on new aspects seen in recent attacks.

CyberRiskCheck according to DIN SPEC 27076

DIN SPEC 27076, "IT security consulting for small and micro enterprises", forms the basis of the CyberRiskCheck. Through the CyberRiskCheck, SMEs can obtain standardised consulting from IT service providers that is specifically adapted to their needs.

Get the relevant information here.

Contact

If you have any questions, feedback or other enquiries, please contact:

Dept. WG 23 - Cyber security for small and medium-sized enterprises (SMEs)
kmu@bsi.bund.de