# IT security for SMEs

**What does IT security mean for an SME?**

IT security in a small or mid sized business means reliably doing the few things that stop most real attacks: current systems, tested backups, two-factor login, clean permissions and staff who recognise phishing.

Smaller companies face the same threats as large corporations but rarely have a security team of their own. Most attacks are automated. They look for known vulnerabilities and weak access, and they do not ask how big the target is.

The Austrian Economic Chamber and the federal Onlinesicherheit initiative publish guidance aimed explicitly at businesses without an IT department. Both can be read at no charge and a good starting point before you spend any money.

## Related terms
- [Security objectives: confidentiality, integrity, availability](https://vetosec.at/en/it-security/schutzziele/)
- [Attack surface](https://vetosec.at/en/it-security/angriffsflaeche/)
- [Security awareness training](https://vetosec.at/en/it-security/awareness-schulung/)
- [Backup and restore](https://vetosec.at/en/it-security/backup-wiederherstellung/)

## Source
https://vetosec.at/en/it-security/it-sicherheit-kmu/ (vetosec, grundlagen)
