Creating a successful information security policy:
WHAT SMES NEED TO KNOW
Although SMEs have smaller budgets to address cybersecurity concerns, that does not mean they cannot create an actionable security framework. Sam Peters, Chief Product Officer, ISMS.online, explains why a clear and comprehensive information security policy is a must-have for SMEs and recommends five steps for a roadmap to a more robust policy.
Businesses of all sizes face risks from cybercriminals, and many face regulatory responsibilities. Small and medium-sized enterprises (SMEs), by their nature, have fewer resources to allocate to addressing these considerations.
Empowering people with the knowledge and tools they need to keep the organisation safe is the key to successful cybersecurity for SMEs, and it all starts with a clear, comprehensive information security policy.
An information security, or infosec, policy ensures that everyone in the business knows what they need to do to contribute to the organisation’s security, comply with regulation and keep data safe.
What makes an effective infosec policy?
If an SME has an infosec policy to begin with (most won’t!), there’s a good chance that it’s complex, rarely referenced and treated as a box-ticking exercise. It may have been drafted by a legal or tech professional, and staff may not even know where to find it. If the document is unapproachable, employees may conclude that it’s over their heads and ignore the policy altogether or come up with ways to circumvent it.
A successful policy should be something that employees continuously refer to rather than a box-ticking exercise. Technical specifics are important, but the policy should also be written in plain English so that everybody at