Enisa has issued cybersecurity guidance for SMEs

The EU Agency for cybersecurity (Enisa) says SME support is at the forefront of the EU’s cybersecurity strategy for the digital decade.

The EU Agency for cybersecurity (Enisa) has issued cybersecurity guidance for SMEs.

Enisa says SMEs face a whole range of cybersecurity challenges including low awareness of cyber threats, inadequate protection for critical and sensitive information, lack of budget to cover costs incurred for implementing cybersecurity measures, absence of suitable guidelines tailored to the SME sector and low management support.

Juhan Lepassaar, Enisa's Executive Director says: “SMEs cybersecurity and support is at the forefront of the EU’s cybersecurity strategy for the digital decade and the agency is fully dedicated to support the SME community in improving their resilience to successfully transform digitally.”

Enisa’s recommendations are geared at owners and employers of SMEs as well as other entities involved in the SME ecosystem, such as national and European associations, policy makers and implementers and SME ICT providers.

The recommendations fall into three categories fall into three categories:

  • Processes which includes monitoring internal business processes include performing audits, incident planning and response, passwords, software patches and data protection.
  • Technical which includes network security, anti-virus, encryption, security monitoring, physical security and the securing of backups.
  • People which includes the importance of responsibility, employee buy-in and awareness, cybersecurity training and cybersecurity policies as well as third party management in relation to confidential and/or sensitive information.

For nearly 15 years, Enisa has been pushing forward cybersecurity initiatives to assist SMEs to integrate cybersecurity into their digital environments. Starting in 2006 and 2007, the agency published two Information package for SMEs reports, providing risk assessment and management methodologies for SMEs. In 2010, the agency published the Business Continuity for SMEs report to help facilitate IT knowledge transfer to SMEs. In 2015, the Cloud Security Guide for SMEs report was released to assist SMEs understand the security risks and opportunities regarding cloud services. Two years later, the agency published the Guidelines for SMEs on the security of personal data processing.


Featured Articles

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Discover the latest in global technology and connectivity at MWC Barcelona 2024, where industry giants converge to discuss 5G, AI and more industry trends

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

Technology & AI

Darktrace predicts AI deepfakes and cloud vulnerabilities

Cloud Security

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI