Cyber security

Everyone who uses Estonia’s e-services should have three ways of identification: an ID-card, Mobile-ID, and Smart-ID.

For individuals

1. Be sceptical about suspicious e-mails that you have received.
2. Update software regularly and make sure you are using the newest version of the software.
3. Use antivirus software.
4. Use a strong password.
5. Do not believe e-mails from unknown senders that are threatening or demand quick action.
6. Do not enter your account information anywhere at the direction of a stranger and do not forward them to a stranger in any other way.
7. Use multi-factor authentication.
8. Create regular backup copies of files both in your computer and in your phone.
9. Do not publicize your personal information.

It is easiest to protect yourself from danger that you are aware of and that you know how to recognize.

Where to find information on the most common cyber attacks?

• News and threat assessments published by the Information System Authority
• Regular summaries of the past month's most important events and the situation in the Estonian space, as well as in the international environment (see also Cyber Security Yearbook (in Estonian))
• The Information System Authority Facebook page (in Estonian) and CERT-EE Twitter account.

More technical recommendations of the Information System Authority to the chief information security officers can be read from www.ria.ee.

For businesses

1. Make sure that the backing up solutions for the company's information systems are existing and operational. Backup copies that are separated from the network are of great help both in case data gets erased and if you become subject to a ransomware attack.
2. Make sure that the company has a working crisis plan in case a potential cyber incident takes place. Consider what happens if an e-service (e.g. e-mails, inventory management software) is not working for a while, the home page is down etc, and how to mitigate that effect.
3. Ensure that data protection teams have sufficient resources to be able to quickly patch up known security weaknesses and new security weaknesses that crop up. The software and solutions used at the company have to be updated to the last official version.
4. Remind the necessity of good cyber hygiene practices to your employees
5. Create an overview of the level of cyber security of the company's external IT service providers and agree upon (if it has not been provided contractually) how they are notifying their customers of cyber incidents.
6. Get acquainted with previous cyber incidents at the company: has it been possible to compromise the company's in the past and have the risks been sufficiently mitigated subsequently.