Information Security for SMEs

Running your own business isn’t easy. The priority has to be on getting new business and retaining existing clients. Everything else sits on a To Do list until the critical time is reached: the tax or VAT return has to be made, a decision is required on which marketing channels to pay for, and so on. For many SMEs, Information and Cyber Security never reaches the critical time… unless they suffer a security breach that results in sensitive information being leaked, they cannot get access to social media accounts or the website because these have been taken over, or they cannot get access to vital business information because their backups have never really worked and key files that were accidentally overwritten cannot be recovered.

Thinking about Information and Cyber Security at that point is too late. If they are lucky it may set them back a few days or lose one client, but it may be more serious and fatally damage their reputation or result in legal action from clients.

Impact of a Security Incident

Information and Cyber Security covers many areas. They include dealing with threats from criminals trying to access networks and computers via the internet, or getting access to social media accounts and websites to deface them or use them to deliver malware (these can have a major impact on reputation). It also covers access to physical records, handling of confidential waste, meeting data protection requirements and business continuity planning to keep a business running in the event of a utility failure or not having access to the normal working environment.

For more details see our pages about Information and Cyber Security and getting past the jargon. One key point to note is that cyber security is a part of Information Security. If you are just securing a business against cyber security threats it is like keeping the front of a house very secure, but having little security at the sides or back.

“I already have this covered”

Many SMEs say ‘we have an IT guy (or company) and they cover this’. They will be great for sorting out network or software issues and putting new components in a desktop. But in our experience, they will not be helping you define and maintain an effective security strategy and business continuity plan, being proactive in keeping you up to date with the ever-changing threats, training you and your staff in how to avoid the latest social engineering scams, changes to data protection legislation etc.

How we can help

The first step is a meeting to find out about your business and go through the different areas to identify which ones are relevant and how improvements will benefit your business. Benefits include gaining a competitive advantage by proving to potential clients that you take information security seriously, and reducing cyber liability insurance premiums. The next step is usually a Healthcheck, but it may be specific actions to resolve a current issue or deal with short-term requirements.

We can act as your Virtual Information Security Officer (VISO). Large organisations have a Chief Information Security Officer (CISO) to deliver their Information and Cyber Security strategy. SMEs do not have the need for a full-time CISO, but still need the expertise to deliver a strategy that ensures sustained business success and continuity. This is a cost-effective way to have an information and cyber security professional deliver the information security strategy as part of your team.

To get more information on how we can help your business, please contact us.