Federal Office for Civil Protection FOCP

Cyberattacks are now a feature of everyday life and more often also SMEs are affected. Given that large firms invest more heavily in IT security, many hackers increasingly focus their efforts on seemingly under-protected targets. The Cybersecurity Quick Check allows SMEs to swiftly assess their cyber risk exposure.

According to ‘Cyberrisiken in Schweizer KMUs’ (Cyber risks for Swiss SMEs), a study published in December 2017, more than one third of Swiss SMEs have been hit by cyberattacks. Even small businesses like hairdressing salons and restaurants are potential victims. Cyberattacks can have serious repercussions: from financial losses and disruptions to day-to-day operations right up to data theft and data protection breaches, which in turn can expose the business to criminal liability.

Alarmingly, the study found that many SMEs underestimate the risk and are insufficiently protected against these kinds of attack. Basic safety measures like backups, firewalls, malware protection and IT training for staff are often lacking. This is why it is so important that SMEs are able to quickly gauge whether they have essential cybersecurity solutions in place. The fact that business infrastructures and data are increasingly linked up to the internet further increases firms’ exposure to risks from cyberspace.

Better awareness of key cyber safety measures

The Cybersecurity Quick Check for SMEs lets businesses assess how well they are protected against and prepared for cyberattacks. It takes only a few minutes to fill out the form and no in-depth understanding of computing and IT security is needed. The test also comes with a list of essential measures that SMEs should take to ensure they have a minimum level of protection against cyber risks. The best technical solutions are useless if employees do not know, understand and correctly implement the security guidelines and code of conduct.

This is why the list stresses the importance of the human factor and stipulates that a firm’s top priority should be training staff to identify emails that may contain malware or links to compromised websites. It is also vital that business-critical systems like eBanking are password-protected; strong passwords containing at least eight characters should be used. Likewise, data should be backed up regularly on external storage media, i.e. are not linked up to company network. Should hackers hijack the network and encrypt or render data inaccessible, these offline backups will let companies recover this information.

Part of the National Cyber Strategy

The Quick Check was developed at the initiative of the Swiss Association for Quality and Management Systems (SQS) under the auspices of the SATW within a broad-based group of specialists. They included representatives from the Federal Office for National Economic Supply (FONES), the Federal Commission of Experts on Data Processing and Data Security, ICTswitzerland, the Federal IT Steering Unit (FITSU), ICTswitzerland, the Federal IT Steering unit – MELANI, the Information Security Society Switzerland, the Swiss Association for Standardisation (SNV) and the Swiss Insurance Association (SIA). The Quick Test makes an important contribution to the implementation of the National Cyber Strategy (NCS).

As part of the National Strategies on the Critical Infrastructure Protection (CIP) and on the Protection of Switzerland against Cyber Risks (NCS), the FOCP, together with the competent specialist, regulatory and supervisory authorities, trade associations and critical infrastructure operators, conducts risk and vulnerability analyses in specific critical sub-sectors (e.g. laboratory services, media, financial services. The findings are used to decide on measures to improve the resilience of Switzerland’s critical infrastructures, including steps to boost cybersecurity. The SME Quick Test for SMEs makes a major contribution to advancing this goal because it does not simply provide a list of the technical solutions open to SMEs. It also stresses the importance of the human dimension, i.e. the workforce, in the success of these efforts.