Encouraging SMEs to address security

I’ve been busy over the last week finalising some interesting research work for the Information Commissioner’s Office on security advice for SMEs. It has some groundbreaking recommendations. Hopefully it will help to deliver the long-overdue boost we desperately need to persuade SMEs to address security. The main problem is that they don’t really want to know. Security is a ‘grudge purchase’. But it certainly helps to assemble some suitable, complete and up-to-date advice, and erect signposts where SMEs are likely to look.
I presented some of the findings of this research at last week’s ISSA UK meeting in London, and was taken aback by how well the ideas were received. Amongst other things, it underlines three key realities. Firstly, SMEs are important. Secondly, supply chains matter. And thirdly, a different approach is needed. Shoehorning ISO 27000 standards into an SME environment is certainly not the answer. Anyone interested in catching my presentation on this subject should look out for it at next month’s meeting of Martin Smith’s excellent Security Awareness Special Interest Group in London.