Welcome to the Cyber First Aid Kit!

The Cyber First Aid Kit is a lightweight, open resource designed to help SMEs navigate the first 48 hours after a cyberattack, one of the most vulnerable and high-pressure moments for any business. The content will be made publicly accessible through the DIGITAL SME ISAC and built entirely with the help of our members.

The goal is to offer clear, actionable, and human-centred DIGITAL SME materials that SMEs can use, in their language, in their sector, and with the support of real, experienced professionals.

Instructions

We are looking for contributions to specific content items, each listed and described below. You can signal your interest by choosing an item. DIGITAL SME will coordinate, review, lightly format, and publish the kit on the ISAC Platform. We also look forward to:

  1. Public contribution. Your company will be named as a contributor, and your logo will appear in the Kit resources on the ISAC page.
  2. Trusted Contact roles. If you are open to being listed as a regional or sector-specific point of contact, you will be included in a public responder map, with contact information you provide.
  3. Peer stories. If you want to share your experience from a past cyber incident, we will anonymise it (based on your preference) and highlight what helped or what went wrong.

Core Materials

Here you can find the core resources of the Cyber First Aid Kit — simple, ready-to-use checklists and templates designed for the critical first 48 hours after a cyber incident. Just like the first steps in an emergency room, these materials help SMEs quickly understand what to do, who to involve, and how to limit the damage. All resources are available to download and adapt to your own needs.

  • Cyberattack Checklist - Sunrise Tech Park
  • Cyberattack Checklist - HEXX Consulting
  • Cyberattack Checklist - Bit Sentinel

Human & Tech Support Directory

Here you will find a dedicated directory of trusted professionals and organisations who can support SMEs in the event of an incident. Whether you need immediate guidance, specialised services, or simply a point of contact to help you navigate the next steps, this section connects you with human expertise and technical assistance when you need it most.

Contacts:

  • Practical Experience: Through ACS ARMADA NextGen SIEM and the Automated Penetration Testing Engine (APTE), we have extensive experience in handling incident data, leveraging honeypots (A-Pot), and applying AI-driven threat analysis. We can share ready-to-use technical playbooks based on real-world scenarios.
  • Regional Expertise: With a strong presence in the Balkans and Central/Eastern Europe, ACS can provide localized rapid response where such services are often limited. This positions ACS as a trusted contact point for SMEs in these regions.
  • Certifications and References: Our team holds certifications including OSCP, CRTP, and CompTIA Pentest+, and we bring experience from working with critical infrastructure, finance, and healthcare sectors.
  • Combined Support: Beyond technical response, we can assist with regulatory compliance (GDPR, NIS2) and provide educational support through cyber hygiene reminders, ensuring SMEs not only recover but also strengthen their defenses post-incident.

Contacts:

Bit Sentinel delivers MDR & SOCaaS with 24/7 on-call incident response, giving organizations continuous monitoring, advanced threat detection, and immediate access to response experts. The IR retainer model includes predefined SLAs, pre-paid hours for consulting and forensics, and readiness services like plan reviews and drills – ensuring rapid, cost-effective, and coordinated response when incidents occur.
More information on the topic is available here.

LaPAS creates value in the open innovation ecosystem and works in collaboration with key partners in the Research & Development, Innovation and Entrepreneurship Ecosystem. Consultancy services are provided by experienced academicians and sector experts in the LaPAS consulting pool.

Specialized in digital and business transformation, strategy development and science and technology-driven research and innovation management, large-scale national and EU-funded program management, ecosystem building, commercialization of research outputs, and deep-tech entrepreneurship.

Strong track record in establishing and scaling R&D centers, innovation and digital transformation centers, technology parks, accelerators, and incubation centers, as well as capacity building for technology-based startups and spin-offs, SMEs, medium and large-scale public and private sector companies.

Contact:

With over 20 years of experience in industrial procurement and sales, we have a deep understanding of the market’s requirements and needs. Every year, we analyze dozens of factories, hundreds of processes and thousands of machines, providing practical advice and effective solutions to help companies increase sales and adapt to the increasingly demanding requirements of international customers, for profitable contracts.

Contact:

The Global Cyber Alliance (GCA) Cybersecurity Toolkit for Small Business addresses the most common cyber risks affecting small businesses who conduct any aspect of their business via email or over the Internet. The structure and content of the toolkit enable small businesses to precisely target and resolve common weaknesses so they can focus more time and resources on their core business objectives. Research has shown that implementing these steps across a business can significantly reduce the cyber risk they face.

Toolkit available here

In the event of a major cybersecurity breach, a rapid and organized response is critical. ON2IT’s Cyber Security Incident Response Team (CSIRT) is designed to act immediately, bringing deep expertise to contain and resolve incidents efficiently. Unlike ad hoc response teams, ON2IT’s CSIRT is always prepared. This ensures that there’s no delay in action when a cyber threat occurs, enabling fast incident management and limiting potential damage.

CSIRT available here

Cyber Hygiene Reminder Manual for SMEs

Why Cyber Hygiene Matters

Just as personal hygiene prevents illness, cyber hygiene prevents cyberattacks. Many SMEs overlook simple actions—especially in the stressful aftermath of a cyber incident. Neglecting these basics can leave businesses vulnerable to repeat attacks and compliance failures (NIS2, CRA, GDPR).

  1. Password & Authentication
  • Reset all passwords immediately after an incident. Do not reuse old ones.
  • Enforce strong password policies (min. 12 characters, mix of letters, numbers, symbols).
  • Use a password manager to reduce human error.
  • Always enable Multi-Factor Authentication (MFA) on critical accounts (email, finance, admin portals).
  2. Access Control
  • Revoke access for employees, contractors, or partners who no longer need it.
  • Apply principle of least privilege: users get access only to what they need.
  • Regularly review access rights—especially admin accounts.
  3. Device & Network Hygiene
  • Update software and systems (patch management) regularly—most breaches exploit outdated versions.
  • Ensure firewalls and endpoint protection are active and configured.
  • Encrypt sensitive data on laptops, USBs, and cloud storage.
  • Remove or disable unused devices from the company network.
  4. Email & Communication Security
  • Warn staff about phishing—most breaches start with a malicious email.
  • Use email filtering tools to detect suspicious links/attachments.
  • Establish a clear “report suspicious email” process inside the company.
  5. Backup & Recovery
  • Ensure regular automated backups of critical data (daily if possible).
  • Store backups offline or in secure cloud locations.
  • Test your restore process regularly—an untested backup is useless.
  6. Monitoring & Incident Response
  • Enable log monitoring (SIEM or simpler logging tools) to spot unusual activity.
  • Create a simple incident response plan with clear roles and steps.
  • Keep a contact list of external experts (cybersecurity partner, legal counsel, CERT).
  7. Employee Awareness & Culture
  • Train staff on cyber basics at least twice a year (short sessions, not long lectures).
  • Encourage a “see something, say something” culture—employees must feel safe reporting mistakes.
  • Celebrate good practice (e.g., reward employees who spot phishing attempts).
  8. After a Breach – Immediate Reminders
  • Change all credentials.
  • Enforce MFA immediately.
  • Revoke or adjust access rights.
  • Update and patch affected systems.
  • Notify authorities/partners if required by law (GDPR, NIS2).
  • Communicate clearly with employees and customers—silence increases risk.