Enisa has issued cybersecurity guidance for SMEs

The EU Agency for cybersecurity (Enisa) says SME support is at the forefront of the EU’s cybersecurity strategy for the digital decade.

The EU Agency for cybersecurity (Enisa) has issued cybersecurity guidance for SMEs.

Enisa says SMEs face a whole range of cybersecurity challenges including low awareness of cyber threats, inadequate protection for critical and sensitive information, lack of budget to cover costs incurred for implementing cybersecurity measures, absence of suitable guidelines tailored to the SME sector and low management support.

Juhan Lepassaar, Enisa's Executive Director says: “SMEs cybersecurity and support is at the forefront of the EU’s cybersecurity strategy for the digital decade and the agency is fully dedicated to support the SME community in improving their resilience to successfully transform digitally.”

Enisa’s recommendations are geared at owners and employers of SMEs as well as other entities involved in the SME ecosystem, such as national and European associations, policy makers and implementers and SME ICT providers.

The recommendations fall into three categories fall into three categories:

  • Processes which includes monitoring internal business processes include performing audits, incident planning and response, passwords, software patches and data protection.
  • Technical which includes network security, anti-virus, encryption, security monitoring, physical security and the securing of backups.
  • People which includes the importance of responsibility, employee buy-in and awareness, cybersecurity training and cybersecurity policies as well as third party management in relation to confidential and/or sensitive information.

For nearly 15 years, Enisa has been pushing forward cybersecurity initiatives to assist SMEs to integrate cybersecurity into their digital environments. Starting in 2006 and 2007, the agency published two Information package for SMEs reports, providing risk assessment and management methodologies for SMEs. In 2010, the agency published the Business Continuity for SMEs report to help facilitate IT knowledge transfer to SMEs. In 2015, the Cloud Security Guide for SMEs report was released to assist SMEs understand the security risks and opportunities regarding cloud services. Two years later, the agency published the Guidelines for SMEs on the security of personal data processing.

Share

Featured Articles

ICYMI: New Age of the CISO and cybersecurity trends for 2023

A week is a long time in cybersecurity, so here’s a round-up of the Cyber Magazine articles that have been starting conversations around the world

Kingfisher chooses Google Cloud as catalyst for growth

Google Cloud will support Kingfisher's digital ambitions with a range of solutions, from infrastructure to data analytics.

ICYMI: Cyber predictions for 2023 and trouble in paradise

A week is a long time in cybersecurity, so here’s a round-up of the Cyber Magazine articles that have been starting conversations around the world

Osirium shares its cyber predictions for 2023

Cyber Security

ICYMI: Unloved emails and cybersecurity worth $500bn by 2030

Cyber Security

Cyber security market anticipated to reach $500bn by 2030

Cyber Security