Enisa has issued cybersecurity guidance for SMEs

Share
The EU Agency for cybersecurity (Enisa) says SME support is at the forefront of the EU’s cybersecurity strategy for the digital decade.

The EU Agency for cybersecurity (Enisa) has issued cybersecurity guidance for SMEs.

Enisa says SMEs face a whole range of cybersecurity challenges including low awareness of cyber threats, inadequate protection for critical and sensitive information, lack of budget to cover costs incurred for implementing cybersecurity measures, absence of suitable guidelines tailored to the SME sector and low management support.

Juhan Lepassaar, Enisa's Executive Director says: “SMEs cybersecurity and support is at the forefront of the EU’s cybersecurity strategy for the digital decade and the agency is fully dedicated to support the SME community in improving their resilience to successfully transform digitally.”

Enisa’s recommendations are geared at owners and employers of SMEs as well as other entities involved in the SME ecosystem, such as national and European associations, policy makers and implementers and SME ICT providers.

The recommendations fall into three categories fall into three categories:

  • Processes which includes monitoring internal business processes include performing audits, incident planning and response, passwords, software patches and data protection.
  • Technical which includes network security, anti-virus, encryption, security monitoring, physical security and the securing of backups.
  • People which includes the importance of responsibility, employee buy-in and awareness, cybersecurity training and cybersecurity policies as well as third party management in relation to confidential and/or sensitive information.

For nearly 15 years, Enisa has been pushing forward cybersecurity initiatives to assist SMEs to integrate cybersecurity into their digital environments. Starting in 2006 and 2007, the agency published two Information package for SMEs reports, providing risk assessment and management methodologies for SMEs. In 2010, the agency published the Business Continuity for SMEs report to help facilitate IT knowledge transfer to SMEs. In 2015, the Cloud Security Guide for SMEs report was released to assist SMEs understand the security risks and opportunities regarding cloud services. Two years later, the agency published the Guidelines for SMEs on the security of personal data processing.

Share

Featured Articles

How Kroll and DORA Tackle Supply Chain Cybersecurity Risks

Kroll experts highlight critical measures IT providers must adopt to protect supply chains from cyber attacks and mitigate risks from AI-enabled threats

VCARB & Dynatrace Accelerate AI For F1 Racing Performance

As real-time monitoring becomes crucial in motorsport, F1 team VCARB partners with Dynatrace to implement AI analytics and security systems

Apple's Siri: How The Most Private AI Assistant Works

After a lawsuit, Apple is eager to prioritise privacy in Siri through its on-device processing, minimal data collection and advanced security protection

How The UK’s AI Plan Will Impact The Cybersecurity Sector

Technology & AI

Darktrace to Acquire Cado Security in Cloud Defence Push

Cloud Security

Sophos MDR Reports 37% Customer Growth in Cybersecurity Push

Cyber Security