Enisa has issued cybersecurity guidance for SMEs

The EU Agency for cybersecurity (Enisa) says SME support is at the forefront of the EU’s cybersecurity strategy for the digital decade.

The EU Agency for cybersecurity (Enisa) has issued cybersecurity guidance for SMEs.

Enisa says SMEs face a whole range of cybersecurity challenges including low awareness of cyber threats, inadequate protection for critical and sensitive information, lack of budget to cover costs incurred for implementing cybersecurity measures, absence of suitable guidelines tailored to the SME sector and low management support.

Juhan Lepassaar, Enisa's Executive Director says: “SMEs cybersecurity and support is at the forefront of the EU’s cybersecurity strategy for the digital decade and the agency is fully dedicated to support the SME community in improving their resilience to successfully transform digitally.”

Enisa’s recommendations are geared at owners and employers of SMEs as well as other entities involved in the SME ecosystem, such as national and European associations, policy makers and implementers and SME ICT providers.

The recommendations fall into three categories fall into three categories:

  • Processes which includes monitoring internal business processes include performing audits, incident planning and response, passwords, software patches and data protection.
  • Technical which includes network security, anti-virus, encryption, security monitoring, physical security and the securing of backups.
  • People which includes the importance of responsibility, employee buy-in and awareness, cybersecurity training and cybersecurity policies as well as third party management in relation to confidential and/or sensitive information.

For nearly 15 years, Enisa has been pushing forward cybersecurity initiatives to assist SMEs to integrate cybersecurity into their digital environments. Starting in 2006 and 2007, the agency published two Information package for SMEs reports, providing risk assessment and management methodologies for SMEs. In 2010, the agency published the Business Continuity for SMEs report to help facilitate IT knowledge transfer to SMEs. In 2015, the Cloud Security Guide for SMEs report was released to assist SMEs understand the security risks and opportunities regarding cloud services. Two years later, the agency published the Guidelines for SMEs on the security of personal data processing.


Featured Articles

UK police cyberattack a reminder of third party risk

Cyber criminals use back-door suppliers cyberattack to spread alarm through Britain's biggest police force

Building Cyber Resilience into ‘OT in Manufacturing’ webinar

Join Acronis' webinar, Building Cyber Resilience into ‘OT in Manufacturing’, 21st September 2023

Trustwave report on hospitality industry security threats

Nearly 31% of hospitality organisations have reported a data breach in their company’s history, according to a Trustwave cybersecurity report

Barracuda Managed XDR uses AI to uncover cyber incidents

Technology & AI

Imperva: 32% of work data breaches could have been avoided

Operational Security

Supply chain cyberattacks seen as catastrophic for business

Cyber Security