Why implement a security policy?

[This blog provides the reasons an SME should take cyber security seriously and some of the steps it can take to be more cyber secure.]

Evidence indicates that cyber security is not at the top of the to-do list for SMEs. According to research from the Government campaign Cyber Streetwise, 22% of SMEs don’t think hackers/attackers are bothered with small companies, as there are bigger targets which can reap more rewards. More shockingly, 66% of SMEs who took part in the survey don’t believe their company is at risk. The stats tell a very different story, with over 74% of SMEs suffering a breach in the last year and the estimated cost of a cyber breach ranging from £65,000 – £115,000. Equilibrium feel that businesses of all sizes should consider their cyber security to be a top priority.

We appreciate that adding cyber security features to an SME’s network may seem daunting and costly to begin with; however, the price of a breach far outweighs the cost of any initial implementation of security. As well as losing money, a breach can cause a loss of reputation and customers. No business wants to be remembered as the company that got hacked because they didn’t implement any cyber security!

Implement a security policy

Equilibrium feel that a good place for SMEs to start is by implementing a security policy. It is a document that provides a clear directive of what a company permits on the network. There are many types of security policy which can be written and implemented, such as:

  • Full security policy
  • Information security policy
  • BYOD policy
  • User policy
  • Password policy
  • Acceptable use

Content needs to be accessible

Security policies should be read by every member of the company and be written in an easy-to-read format, especially policies that apply to all employees, such as password policies. It is beneficial for all employees to read and sign a document stating that they have read and understood the policy. Security policies can also act as a document in legal cases, so if an employee disobeys the policy to launch an attack on the company network, you can take legal action against them.

Keep policies updated

We recommend that policies are updated regularly to ensure everything is covered, especially with trends such as Bring Your Own Device (BYOD). This is a fairly recent trend which is rapidly expanding, with 72% of organisations permitting BYOD or planning to implement it soon. While allowing portable devices promotes collaboration and convenient working, it also brings with it more security risks. The device itself will need securing, along with the wireless network it is connecting to. Having a security policy to cover all of these details makes it easy for employees to understand their role in cyber security.

Employee Training

Employee training is a vital step in keeping the SME secure. Educating all staff will provide a baseline knowledge of cyber security, including making them aware of the types of attack to look out for.

A good free source of education is Cyber Streetwise, a website that targets consumers and SMEs to improve their knowledge of cyber security. The website contains tips ranging from how to create a secure password to how to create a security policy. Cyber Streetwise also hosts a list of free resources which contain links to helpful guides and free security software.

Equilibrium highly recommend implementing Cyber Essentials, a government-backed certification scheme that sets out a baseline for cyber security that is suitable for all organisations. The scheme’s five security controls can prevent “around 80% of cyber-attacks”.

The certification is a valuable indicator that an organisation has taken the necessary measures to bolster cyber security and reduce the risk of a cyber-attack.

The program allows businesses of any size to gain either of the Cyber Essentials badges. The standard badge is formed of a self-assessment questionnaire which is then reviewed by an external certification body. The Cyber Essentials Plus badge involves an external body performing system tests. The Cyber Essentials program is a fantastic way to highlight to your customers that you take cyber security seriously. The website contains 13 self-assessment questions which you can use as a way to get an idea of the level of security in your company.

Equilibrium Security is a specialist that focuses on Cyber Security rather than a generalist technology provider. They will be holding an event jointly with Birmingham Chamber of Commerce in September where they will be discussing this topic area in greater detail. If you are interested in attending the event, register here.