Cybersecurity remains a major concern for SMEs and one of the main threats to business continuity and survival. As cyber-attacks become more sophisticated, requirements for protecting an enterprise’s assets, including personal information, are becoming more stringent and complex. SMEs suffer the most damage after a cyber-attack and their chances of recovery are lower than for big companies. In addition, SMEs are asked to implement the same costly protection measures as big companies. Their inability to comply with costly requirements puts them in jeopardy and decreases their chances of recovery. The “one-size-fits-all” approach does not help SMEs.
To raise SMEs’ awareness and help them to deploy adequate preventive and protective measures, SBS and DIGITAL SME experts have developed a guide to assist smaller businesses in implementing security controls, using the ISO/IEC 27002 standard as a basis. The experts have selected 16 out of 114 controls that shall provide essential protection for an SME and ensure General Data Protection Regulation compliance.
Additionally, this implementation guide aims to contribute to the ongoing efforts of upgrading the digital intensity of European SMEs. Cybersecurity SMEs can use this guide to tailor solutions for non-ICT SMEs and strengthen their security requirements while upgrading their level of digital capabilities. Previously, SBS had also published the SME Guide in Information Security Management, based on the ISO/IEC 27001 standard. Together, the guides form an essential tool package to help SMEs implement comprehensive cybersecurity requirements.