Every week there are stories about security breaches and guidelines issued on improving security to avoid breaches; from trade bodies, industry experts, software vendors and the Government. For many SMEs, the whole subject can be confusing. Is this something they should be concerned about? And do you, for example, have to do everything in the guidelines or just some things? This series of blogs provides an introduction to Information Security and what it means for an SME.

Previous blogs looked at what Information Security means http://www.tiptopmedia.co.uk/blog/what-is-information-security and if this is relevant for your business http://www.tiptopmedia.co.uk/blog/is-information-security-relevant-for-my-business protecting physical assets http://www.tiptopmedia.co.uk/blog/information-security-protecting-physical-assets protecting electronic assets http://www.tiptopmedia.co.uk/blog/information-security-protecting-electronic-assets and dealing with the human factor http://www.tiptopmedia.co.uk/blog/information-security-the-human-factor. The final blog looks at how iimprovements to information security can grow your business.

Who can you trust?

Following the increasing number of reported security breaches (and in the UK many never get reported), there will be a stronger emphasis on security in the future. A KPMG survey ofprocurement managers http://www.kpmg.com/uk/en/issuesandinsights/articlespublications/newsreleases/pages/smes-need-to-take-cyber-security-seriously-or-face-being-frozen-out-of-the-procurement-process.aspx]said that 94% see security standards as important when awarding contracts to SME suppliers and 86%would consider removing an SME supplier if they were hacked. George Quigley, Partner in KPMG’s cyber security practice, commented: “Unless these organisations take a more mature approach towards cyber security now, they face the risk of being frozen out of lucrative supplier contracts”. Any SME that is serious about winning new business, and keeping existing business with larger companies, needs to prove their commitment to security. As many SMEs are not currently taking security seriously, this is a chance to gain a competitive advantage.

Proving you are secure

There should always be a core set of policy documents that defines the approach to security. Formal recognition can be done using Cyber Essentials [link tohttps://www.cyberstreetwise.com/cyberessentials/], Information Assurance for SMEs (IASME) [link to https://www.iasme.co.uk/index.php/about] or the ISO27001 Information Security standard [link to http://www.bsigroup.com/en-GB/iso-27001-information-security/]. Which option you choose depends on the business and its clients. Seek advice from an Information Security professional with practical experience of the different standards.

And don’t forget to ask your suppliers about security. If they cannot provide evidence, look for an alternative. Saying ‘we are secure’ or ‘we take it seriously’ isn’t enough.

Some final points

This series of blogs provides an overview of Information Security. It isn’t just an IT issue, and there is no standard solution.Anyone that sells software to provide securityis only addressing part of the issue.Each company requires a unique solution that works for them and can evolve as the business grows and threats change. To make the correct decisions on improving information security,use someone that takes everything into consideration and has a proven track record with implementing one of the standards mentioned above.

Other blogs in this series

What is ‘Information Security’? http://www.tiptopmedia.co.uk/blog/what-is-information-security

Is Information Security relevant for my business? http://www.tiptopmedia.co.uk/blog/is-information-security-relevant-for-my-business

Protecting physical assets http://www.tiptopmedia.co.uk/blog/information-security-protecting-physical-assets

Protecting electronic assets http://www.tiptopmedia.co.uk/blog/information-security-protecting-electronic-assets

Information Security – the human factor http://www.tiptopmedia.co.uk/blog/information-security-the-human-factor

Find out more on how to improve your information security at http://wadiff-consulting.co.uk/first-step-to-improving-information-security/


Ian Grey
WADIFF Consulting