Getting Started
Guidance and videos for raising awareness of cyber security
In this age of digitalisation, small and medium-sized enterprises also need to develop their expertise in relation to cyber security. This ‘Getting started’ page offers SMEs a chance to approach the subject step by step. It starts by explaining the basic rules of cyber security, which are followed by a set of short videos that explain key aspects of information security and cyber security. The last video, for example, uses a real global hacker attack in 2021 to show how the BSI can help SMEs in a worst-case scenario. Guidance is then offered on handling an IT security incident, and the IT Emergency Sign is also mentioned.
If a company cannot field a team with an appropriate level of expertise in information technology and cyber security internally, we recommend contracting out this work to an IT service provider.
Basic elements of cyber security
You don’t have to be an expert in cyber security to follow a few basic rules on the responsible handling of information technology.

Information about the basic elements
- Updates
Always keep your software up-to-date by applying security updates. - Passwords
Always use strong and unique passwords wherever possible. One option here is to use a password manager. Two-factor authentication
Antivirus protection
This software checks an entire device for signs of an infection.
Firewall
The aspect of backing up data must also be addressed as a matter of urgency. If usable backups are not available, in may be impossible to restore data after an incident.
More tips on how to ensure secure use of in-house IT and the internet.
Beyond the basics, the BSI recommends achieving a base level of protection according to IT-Grundschutz unless other regulations require a higher level for certain kinds or sizes of businesses or specific industries.
Explainer videos (in german language)
Security updates
Regular security updates protect against cyber attacks
Backups
There's no excuse for having no backup. How good is your backup strategy?
Secure handling of passwords
A password manager is the best approach
E-mail security
E-mail – a trap for the unwary: check carefully before you open and click anything!
Faked e-mails and ‘phishing’ for passwords
Browser security
Remember browser security when you’re on the web!
User accounts
Is your whole family and/or other colleagues using your work computer to surf the internet?
Criminal networks
Is your PC already part of a criminal network?
A real-world example – the worst-case scenario
Guidance on handling an IT security incident
I'm dealing with an IT security incident – what should I do?
The document
Ransomware: Erste Hilfe bei einem schweren IT-Sicherheitsvorfall Version 1.2 provides a set of ‘first aid’ measures to take in the event of a serious IT security incident.
The Maßnahmenkatalog Ransomware is designed to counter a potential ransomware attack and also provides a list of necessary preventive measures.
The executive summary Ransomware: Managementabstract Fortschrittliche Angriffe reports on new aspects seen in recent attacks.
The IT Emergency Sign
Based on the familiar ‘In the event of fire’ posters, the IT Emergency Sign (‘In the event of an IT emergency’) is a new sign that gives employees a quick overview of the most important immediate actions to take, plus IT emergency contact information.
IT Emergency Sign – your introduction to IT business continuity management