An initiative of APWG and the Swiss Internet Security Alliance (SISA).

Security Basics

Get more info on fundamental measures to secure your data

For your Security Cheat Sheet

Security is not magic. Five simple security basics can help you protect your data every day.

Those basics are quite easy to follow and do not need special knowledge.

Data backup: Make a copy of all my data and store it on an external hard drive.

Updates: Equip my devices with the latest security defences.

Strong passwords: Choose unique passwords of at least 10 characters.

Reality check: Be suspicious of seductive offers or urgent demands online.

Help: Get professional help or advice in case of a suspected hack or malware infection.

Did you know?

More than half of global email traffic is spam.
350,000 per day
More than 350,000 new malware samples emerge per day.
USD 200
Renting a hacker for a small cybercrime job costs USD 200.
2 minutes
It takes two minutes to crack an all-lowercase five-character password for a computer program.
USD 160 billion
The illegal trade in stolen data generates an estimated revenue of USD 160 billion per year.
Security Basics Icon

Data backup

Make a copy of all my data and store it on an external hard drive.
Backup Icon


Ever heard of ransomware? Criminals will delete your photos and other documents. Ever spilled hot coffee over your laptop? Ever left your mobile on the train?

A proper backup of your data will save you a lot of trouble. Ask around – almost everyone has a story to tell about broken laptops, stolen mobiles or infected computers.


It’s all about saving your data twice – once on your computer and a second time on an external hard drive or at least on a legally approved server or cloud.

Make a copy of your precious data regularly so you know you’ll have your latest pictures and documents if something unexpected happens.

Installation of updates

Equip my devices with the latest security defences.
Update Icon


Security technology is constantly evolving to keep up with criminal hackers’ technology.

All programs and applications you use are made by humans and therefore potentially contain mistakes. In terms of security, these potential mistakes can turn into vulnerabilities exploited by criminals.

To protect their clients, program providers work hard to fix every known vulnerability as fast as possible.

To be equipped with the latest security defences, your computer and smartphone must be up to date at all times.


Most software providers, like Microsoft or Apple, distribute updates automatically, so usually it’s very easy to stay up to date – you don’t have to do anything!

Sometimes an update requires your confirmation by clicking a button in a pop-up window. Even if updating means you’ll have to put some effort into adapting to new features or new-look the software, don’t postpone updates.

To receive updates, your computer must be connected to the internet. If you are travelling or just don’t use the internet for a while, it might take some time for all updates to be applied after reconnecting.

If you want to be certain, you can check your software's version number in the menu and compare it to the latest version number published on the official website of the program or provider.

Strong passwords

Choose unique passwords of at least 10 characters.
Strong Icon


From the user’s perspective, the key to protecting data is choosing strong passwords. Think about it: access to almost all our data online is protected by our passwords.

Passwords are the most powerful security measure on the user’s side.

Criminal hackers exploit users’ laziness and carelessness. It’s sometimes easier for them to guess passwords to gain access to lucrative data than to try attacking a solid IT security system.


Strong passwords contain at least 10 characters and include numbers, upper and lower case letters and special characters.

And it is very important to have unique passwords. Passwords should never be used twice.

Use a tool to manage your passwords, like LastPass, Dashlane or KeePass.

Find more information here: Sing your password.

Reality check

Be suspicious of seductive offers or urgent demands online.
Reality Icon


If something is too good to be true, it usually is – especially on the internet.

Criminal hackers not only exploit technical systems but also try to manipulate you. Some of them use sophisticated psychological methods to make you reveal sensitive information or click a link.

You might have seen emails urging you to change your password by threatening to delete all your data. Maybe you once visited a website with a very tempting offer. Or maybe you’ve received a call from someone claiming to be with ‘Microsoft Support’ telling you to install some software.


Be suspicious of seductive offers of any kind (shoes, money, jobs, love…).

Take your time. Even if you’re told to do something urgently, take a minute and think about whether following the request is right. Passwords are never to be passed on, and internal information is shared only with assigned colleagues.

Call back. Every time you’re not sure whether an offer or request is a fraud or not, check on it. If you receive an email sent by your colleague but the request and language are unusual, call your colleague and verify the email. In case of a phone call, tell the person you’ll call back after verifying the request.


Get professional help or advice in case of a suspected hack or malware infection.
Help Icon


Have you caught a computer virus or fallen victim to some sort of fraud?

If you suspect that your computer or phone has been hacked, don’t hesitate to get help.

Experts can identify whether your devices are infected and tell you what needs to be done to repair them.


If one of your business devices is affected, ask your IT department for help and advice. They might also respond to questions regarding non-work-related security issues or tell you who to ask or where to fix your problem.

For your personal devices, your local IT vendor is a good place to start.

You can also use the SISA cleaner. Further information is available at

If you detect or fall victim to cyber fraud, contact your local police station:

More information online

Schweizer Kriminalprävention:

FedPol - Cybercrime:

Reporting and Analysis Centre for Information Assurance (Melani):

‘Ebanking – but secure’


No More Ransom!
Security Basics Icon