In the name of security: Safer Internet Day and the BSI’s IT security label

Security in the digital world has many sides to it. It ranges from technical requirements to the detection of misinformation or fake news, and from the protection of one’s own privacy to the protection of company secrets and protection against malware. At Perseus, we always strive to present the wide range of information on the subject in a way that is easy to understand and accessible.

But cybersecurity is complex. If you frequently find the topic challenging, it’s not your failure. Rather, it’s an indication that you’re studying the topic hard enough to realize how multifaceted it is.

That’s why we’re all the more pleased to introduce you to two resources for more guidance in this blog post: The IT security label from the German Federal Office for Information Security (BSI) and the Safer Internet Day materials and campaigns.

February 8, 2022 is Safer Internet Day

Safer Internet Day is mainly aimed at children, young people, parents and teachers. That is actually quite a narrow target group, but the diversity of the information and teaching materials alone speaks for itself. Security gaps, misinformation, scams and data protection affect even the youngest on the Internet. If you have children, care for them or teach them, or if you are under 18 yourself, you’ll find plenty of practical information here. For example, what to do about cyberbullying, how to use smartphones smartly, and, especially helpful, the very clearly summarized contract terms of WhatsApp, Snapchat, and Instagram, among others.

The IT security mark of the BSI

In the future, the IT security mark of the German Federal Office for Information Security (BSI) will provide additional orientation – at least for some devices and services. Are you planning to buy a new router soon? Or a new e-mail address? Then keep your eyes open for the new IT security mark! What it means, what advantages it has and what its limits are, we’ll tell you below.

What does the IT security mark represent?

In very general terms, the IT security mark stands for a manufacturer’s voluntary commitment to security standards specified by the BSI. The BSI defines these standards in a special, publicly accessible guideline for the respective product or service group. In addition to complying with technical specifications, manufacturers also commit to reporting security vulnerabilities to the BSI and to rectifying them without delay.
Note: The IT security mark is not a guarantee that a product or service is absolutely secure and cannot be compromised. With higher security standards, this is less likely, but still possible in principle. If worst comes to worst, however, you can quickly find details of the relevant security vulnerabilities on the basis of the IT security mark – or report a compromise yourself.

Which products already carry the IT security mark?

Initially, IT security marks will be awarded to e-mail services and routers. Other product groups will follow. On Feb. 1, 2022, the first e-mail service received the IT security mark. You can find the current status in the BSI’s directory of issued IT security marks.

How does the BSI verify the IT security mark?

When issuing the mark, the BSI relies primarily on the self-disclosure and self-commitment of the manufacturers. Their written application is checked for plausibility and rejected if necessary. It can also be rejected if the products or the manufacturer are known to have security vulnerabilities or problems.
After the mark has been awarded, the BSI can check the products or services at any time, for example as part of random checks or after a security vulnerability has become known. If the product or service fails this inspection, the BSI can withdraw the IT security mark.

How effective is this type of allocation and verification?

Ultimately, only time will tell. What we at Perseus find important is that manufacturers are not forced to apply for the mark. They decide to do so of their own accord – and thus also to comply with the relevant security standards.

What are the advantages of the IT security mark?

For consumers: The IT security mark shows you that a product or service meets the security standards of the BSI. A detailed BSI page tells you what these are and provides additional security information.

For manufacturers: With the IT security mark, you can quickly and credibly make your cybersecurity efforts visible.

What does the IT security mark look like?

You will encounter the IT security mark, shown in the header of our article, on the manufacturer’s website. For a device like a router, it also appears on the packaging and possibly on the router itself.
The QR code and the link of the respective IT security label lead to a special product information page at the BSI. On it, you will find important information about the device or service, for example, about security vulnerabilities or updates. You can also report security vulnerabilities yourself here.

Our recommendation: The easy-to-find information about updates is particularly helpful for routers. Experience shows that many people have never updated their router and often do not know exactly where to look for a corresponding update. The information is now easy to find on the BSI product information page.

What are the disadvantages of the IT security label?

The biggest disadvantage we see for consumers is that the Technical Guidelines for the BSI security standards are only available in English. This makes these standards more difficult for interested parties to understand. A German translation would facilitate the desired transparency, despite the many technical terms included.

Do you want even more security on the Internet?

Digital devices and services that meet sensible security standards are an important component of your cybersecurity. But what is even more important is you. More precisely: your security-conscious handling of the devices, services and the Internet itself. Our online training courses help you do just that. Just try them out – free of charge for 30 days. You can concentrate fully on the content, because your trial period ends automatically and without any further obligations for you.