Enisa has issued cybersecurity guidance for SMEs

The EU Agency for cybersecurity (Enisa) says SME support is at the forefront of the EU’s cybersecurity strategy for the digital decade.

The EU Agency for cybersecurity (Enisa) has issued cybersecurity guidance for SMEs.

Enisa says SMEs face a whole range of cybersecurity challenges including low awareness of cyber threats, inadequate protection for critical and sensitive information, lack of budget to cover costs incurred for implementing cybersecurity measures, absence of suitable guidelines tailored to the SME sector and low management support.

Juhan Lepassaar, Enisa's Executive Director says: “SMEs cybersecurity and support is at the forefront of the EU’s cybersecurity strategy for the digital decade and the agency is fully dedicated to support the SME community in improving their resilience to successfully transform digitally.”

Enisa’s recommendations are geared at owners and employers of SMEs as well as other entities involved in the SME ecosystem, such as national and European associations, policy makers and implementers and SME ICT providers.

The recommendations fall into three categories fall into three categories:

  • Processes which includes monitoring internal business processes include performing audits, incident planning and response, passwords, software patches and data protection.
  • Technical which includes network security, anti-virus, encryption, security monitoring, physical security and the securing of backups.
  • People which includes the importance of responsibility, employee buy-in and awareness, cybersecurity training and cybersecurity policies as well as third party management in relation to confidential and/or sensitive information.

For nearly 15 years, Enisa has been pushing forward cybersecurity initiatives to assist SMEs to integrate cybersecurity into their digital environments. Starting in 2006 and 2007, the agency published two Information package for SMEs reports, providing risk assessment and management methodologies for SMEs. In 2010, the agency published the Business Continuity for SMEs report to help facilitate IT knowledge transfer to SMEs. In 2015, the Cloud Security Guide for SMEs report was released to assist SMEs understand the security risks and opportunities regarding cloud services. Two years later, the agency published the Guidelines for SMEs on the security of personal data processing.


Featured Articles

The impact data poisoning has on cyber and AI

We take a look at why the risks of data and AI poisoning is continuing to wreak havoc on the cybersecurity industry

Five innovative ways AI can help prevent cyber attacks

A cyber hack at Okta put businesses on high alert, and here, we examine how AI can help prevent future breaches

SailPoint delivers new non-employee risk management solution

The new capability will help organisations manage non-employees while also supporting regulatory compliance requirements and reducing third-party risk

Akamai shares details of Asia’s record-breaking DDoS attack

Network Security

Vive la France and Cyberscore Law is rallying cry for Europe

Operational Security

(ISC)² signs MOU with UAE to train nation’s cyber workforce

Operational Security