Go to main content

Send a message

If you have an ongoing case, submit your case number or receipt number for faster processing.

Protect your company information

Listen

If you lose important business information – for example, due to a data breach or malicious software – it can have serious consequences for you and your company. By working systematically, such as identifying risks, training staff, and securing systems, you can better protect your company’s information.

Navigate this page:

To protect your company and its information, it is important to work systematically and in a risk-based manner with information and cyber security. A systematic approach includes, for example, considering and documenting the following:

  • What risks does your company face?
  • What consequences could occur if these risks materialise?
  • What security measures can you implement to minimise the risks?

Find more detailed information on working with cyber security at mcf.se in (Swedish)

A good start is to keep your roles as entrepreneur and private person separate, have one computer for the company and another for your private life. You also need to keep track of what information you need to have access to for your business to function. What problems can arise if someone unauthorized accesses the information or if it is incorrect.

Tips for protecting your most important information

  • Back up your company’s information frequently and regularly. Keep the backup disconnected from your computer and the internet. Test restoring the information regularly to ensure everything works as it should.
  • Keep computers, mobile phones and Wi-Fi routers updated by enabling automatic updates. This ensures you get the latest fixes and helps protect your information.
  • Use a reliable antivirus program and run a scan if you become suspicious.
  • Purchase IT equipment only from suppliers you trust.
  • Review permissions and logins. Not everyone needs access to all information or systems. Use multi-factor authentication wherever possible.
  • Use strong, unique passwords and enable screen locks on computers and mobile devices.
  • Remove apps and accounts that are no longer in use.
  • Train your employees in safe online behaviour. This can help protect against phishing, where fraudsters attempt to obtain passwords or other sensitive information.
  • Avoid public networks in places such as cafés and hotels. Instead, share a network from your mobile or connect via a VPN solution.
  • Use e-services when communicating with authorities and other businesses. They are both simpler and more secure than handling paper documents.
  • Use a digital mailbox to receive post from authorities digitally instead of on paper.

Further reading

If Your Company Is Under Attack

  • Limit and minimise the damage by disconnecting from the internet.
  • Report the incident to the police.
  • Never pay any ransom.

Advice and support on IT security incidents at cert.se
Guidance on building more secure IT environments at ncsc.se

Film: Strong password

00:00

An extortion virus, ransomware, is malicious software that locks computers and mobile devices or encrypts electronic files. This may mean that your company information is not available, that it is destroyed or deleted. To recover the stolen or locked data, your company is pressured to pay a ransom. Never pay – since there are no guarantees that this will fix the problem.

The virus can, for example, access the system by someone at the company approving a fake software update on a computer connected to the company's network or servers, or by someone visiting a web page infected with malicious code. Another common method of spreading malware is to send phishing emails containing infected attachments. If someone clicks on the attachment, the ransomware is installed on the computer.

If you and your company are affected by ransomware

Report to the police and seek help at nomoreransom.org. You will likely need to reinstall your computer and transfer files from your last backup. On the mobile phone and tablet, you need to do a factory reset.

Find help with malware at nomoreransom.org

Data breach means that someone has unauthorized access to information, for example in a computer system. It can also mean that someone manipulates, deletes, changes, or adds data to a system.

Protect your company against data breaches - sakerhetskollen.se

Phishing, a form of data breach, is a method where a fraudster tries to acquire sensitive information such as passwords, or bank or card details. They do this, for example, by getting you to click on fake links or attached files. The fraudsters usually use emails, text messages or chat apps where they invite you to click on links or attachments.

The message often contains an urgent message about a refund, or that you need to verify your customer details, and often appears to come from serious senders such as the post office, bank or an authority.

Always assess the plausibility of what is written in the message and never click on links or attachments from unknown or unexpected senders. The purpose is to access company information or money.

Foreign powers and other actors use disinformation, deception and propaganda to influence our behaviour and decisions. Resisting influence campaigns and disinformation is part of a company’s preparedness. By developing source criticism, risk management and trust-based relationships with your customers and partners, you can reduce vulnerability and strengthen your company’s psychological defence.

Psychological defence for businesses at the Civil Defence Agency (in Swedish)

Contact with other authorities

If you have questions about how to protect your company information, contact:

The Swedish Police (Polisen)
The Facebook page: Swedish Police – fraud (in Swedish)
The Swedish Tax Agency (Skatteverket)
The Swedish Companies Registration Office (Bolagsverket)
The Swedish Civil Defence and Resilience Agency (MCF)

This page was last updated:

From: Swedish Agency for Economic and Regional Growth

Did this page help you?