
Why Small Organisations Should Have Security Policies


Cyber Security Policy Discussions

For the majority of small organisations, security policies will make a big difference when something goes wrong. Security policies can set not only the intentions for strategic thinking but also expected behaviour, how to handle certain incidents, etc. In some respects they may end up being as much for all the other stakeholder groups of the organisation, including employees, directors, customers, regulators, investors, etc. So it is important not only to have them, but also to ensure that you have good coverage for your Organisation.

This is an edited transcript from a video blog recording of Sarb Sembhi, CTO and the CISO for Virtually Informed, and his co-host Nick Ioannou, Director of Boolean Logic.

Introduction to security policies for Small Organisations

Today we are looking at why Small Organisations should have security policies. We often get asked, "do we need to have security policies as a Small Organisation?" Or, "what's the point of them?" Or, "we're not a big enough organisation." Or, "what difference would it make to anyone, if we had policies?"

Why have security policies in a Small Organisation?

There are many benefits for Small Organisations to have security policies, including:

  • Providing guidance for employees
  • Clarifying issues for human resources
  • Attracting large enterprise customers
  • Saving time when policies are requested by customers, funders, partners, etc.
  • Helping to clarify the importance of security to regulators if the organisation is investigated.

But before going into the benefits, let’s take a quick look at some of the policies we are suggesting and why they are useful.

"Having policies for employees ... provides guidance on how the organisation views security."

Security policy suggestions

We will explore security policies in more detail another time, but the most important security policies all Small Organisations should have include an Email Policy, an Internet Use Policy and a Data Protection Policy. This is because staff data is a big part of the information that Organisations hold, and it is highly detailed personal information, including medical information, tax, addresses, contact numbers, next of kin; basically, it's all there.

On top of those three, there needs to be an overall Security Policy, which covers all the things that are necessary from any user perspective, like passwords, social media, email, what they can and cannot do, etc. Then finally, depending on the sector the Organisation is in, there may be a need for policies around employee responsibilities related to data protection, or even ones that relate to some of the standards that will be used to ensure security, for example, encryption, etc.


About the Authors

Sarb Sembhi

Sarb is the Chief Technology Officer and Chief Information Security Officer for Virtually Informed.

He writes and speaks about:

  • Strategic issues in Smart Environments and related technologies;
  • Digital Safety Skills for anyone not working in Cyber Security; and
  • Business / security challenges for small businesses and start-ups.

Nick Ioannou

Nick is Director of Boolean Logic Limited, a blogger, an author and public speaker.

Nick has authored:

  • 'Internet Security Fundamentals',
  • 'A Practical Guide to Cyber Security for Small Businesses', and
  • 'A Practical Guide to GDPR for Small Businesses',
  • as well as contributing to three 'Managing Cybersecurity Risk' books and 'Conquer The Web'.