Intelligent SME.tech Issue 27 | Page 26

// PREDICTIVE INTELLIGENCE //

every level of the organisation – and with any technological skill level – can understand how it applies to them.
Creating a clear, accessible infosec policy sets the tone for an SME’s culture, values and expectations. It must also be comprehensive: it needs to cover all areas of the business and explicitly state what is expected, what is forbidden and who is responsible for various data and security considerations.
A successful policy, if adhered to, will create actionable security frameworks within the organisation. It will ensure that data stored and handled by the SME remains confidential and accessible.
The policy also reduces the risk and potential damage associated with a cyberattack and keeps the business in compliance with regulations such as ISO 27001 and EU GDPR.
It’s also important to remember that there are other stakeholders besides the SME and its employees. Customers, partners and auditors, among others, often ask for assurance of an organisation’s security posture to limit their vulnerability. Businesses that cannot provide this assurance will ultimately have worse relationships and potentially lose sales, while those that have a clear policy will have a competitive advantage.

EMPOWERING PEOPLE WITH THE KNOWLEDGE AND TOOLS THEY NEED TO KEEP THE ORGANISATION SAFE IS THE KEY TO SUCCESSFUL CYBERSECURITY FOR SMES.

Creating a robust infosec policy
Whether an SME already has an infosec policy that it’s looking to build upon or is starting from scratch, these five steps offer a roadmap to a more robust policy.

1. Outline
An organisation’s infosec policy is a means to an end, not an end in itself. Clearly identifying that end goal and maintaining it as a consideration in every subsequent step ensures that the policy is focused and fit for purpose.
A great way to get an idea of appropriate objectives is to assess the risk landscape. What are the company’s vulnerabilities (including those from the supply chain) and regulatory requirements, and how much damage could be caused by incidents of different magnitudes – from data breach to total system outage? Once these are identified, decision-makers should rank them according to the business’s risk appetite.