– Specifically for SME Companies –
The SME Business
A small or medium-sized enterprise, or SME, as defined by the European Commission is a business or company:
- that has fewer than 250 employees; and
- has either (a) annual turnover not exceeding €50 million (approximately £40 million) or (b) an annual balance-sheet total not exceeding €43 million (approximately £34 million); and
- of whose capital or voting rights, 25 per cent or more is not owned by one enterprise, or jointly by several enterprises, that fall outside this definition of an SME. This threshold may be exceeded in the following two cases: (a) if the enterprise is held by public investment corporations, venture capital companies or institutional investors provided no control is exercised either individually or jointly, or (b) if the capital is spread in such a way that it is not possible to determine by whom it is held and if the enterprise declares that it can legitimately presume that it is not owned as to 25% or more by one enterprise, or jointly by several enterprises, falling outside the definitions of an SME.
SME Common Considerations
Data Backup
You rely on your business-critical data, such as customer details, quotes, orders, and payment details, and often take it for granted – imagine how long your business would survive if it disappeared. All businesses, regardless of size, must take regular, documented and routine backups of all important data; make sure that these backups can be restored (test the restore).
Business Continuity Planning (BCP) relies on having current copies of data to restore, ensuring your business can still function following the impact of flood, fire, physical damage or theft.
Whether the copy is on a USB stick, separate drive, separate computer, or in the cloud, access to data backups should be restricted so that they are not available to just anyone, and backups should not be left permanently connected (either physically or over a local network) to the device holding the original copy; ransomware (and other malware) can often move to attached storage automatically, which means any such backup could also be infected, leaving you with no backup to recover from.
Consider storing your backups in a different location, so fire or theft won’t result in you losing both copies. Cloud storage solutions are a cost-effective and efficient way of achieving this. Backing up data is not a very interesting thing to do, but the majority of network or cloud storage solutions now allow you to make backups automatically – either incrementally or as complete file systems.
Many off-the-shelf backup solutions are easy to set up, and are affordable considering the business-critical protection they offer. When choosing a solution, you’ll also have to consider how much data you need to back up, and how quickly you need to be able to access the data following any incident.
Always ensure you have the latest backup copies of the installed and configured operating systems for each device.
Anti-Virus Software
Antivirus software should be installed (and automatically and routinely updated) on all computers and laptops.
User Accounts
User logon accounts should only have the access required to perform their job function and nothing else (least privilege).
Administrative accounts should only be used for administrative tasks and not for day-to-day general work.
Operating Systems and Firmware
For all your IT equipment (e.g. tablets, smartphones, laptops, routers, firewalls and PCs), ensure the software and firmware versions are always kept up to date with the latest patches or releases from software developers, hardware suppliers and vendors. ‘Patching’ is one of the most important things you can do to improve security and where possible, operating systems, programmes, phones and apps must be set to ‘auto update’. If an operating system or device firmware becomes end of life – replace it.
USB Devices
Don’t. It’s tempting to use USB drives or memory cards to transfer files between organisations and people, but there is a huge risk of lost or compromised data and a real risk of infection by malware. Just don’t allow them in the organisation and, if possible, disable all USB ports on every device used. If they ‘have to be used’, use encrypted versions that are ‘linked’ to a particular laptop or device only.
Company Security Policy Documents
Take advice from security professionals who will produce a full set of rules regarding the use of the IT system, equipment and data. These are the foundational standards the staff must adhere to, and they reduce the risk of a cyber breach.
SME – Mobile Considerations
With the rise of mobile devices (laptops, tablets, smart phones etc) the original solid brick boundaries of the old fashioned company office building have now been replaced with no physical boundaries.
What used to be “simple” to protect has now become a huge problem; protecting those devices and the inherently important business data held on them has become much more difficult.
Comms protection
Device protection
Identification and Authorisation of people and devices
Data backup
SME – Office Considerations
Words here about the common problems of the SME