SaRB for SMO's blog pages are 3000-4500 words, non-subscribers only have access to 800-1000 words.

(Reading time: 7 - 14 minutes)

Why Small Organisations Should have Security Policies?


SaRB for SMOs Action Info

Security Management Group

Cyber Security Policy Discussions

For a majority of small organisations, security policies will make a big difference when something goes wrong. Security policies can not only set the intentions for strategic thinking but all expected behaviour, how to handle certain incidents, etc. In some respects they may end up being as much for all other stakeholder groups for the organisation, including, employees, directors, customers, regulators, investors, etc. So, it is not only important to have them, but to ensure that you have good coverage for your Organisation.

This is edited content from Sarb Sembhi and co-host Nick Ioannou. Also in video and podcast media.

 Glossary Terms in this Blog Article - hover to view, click for full glossary.


Introduction to security policies for Small Organisations

Today we are looking at why Small Organisations should have security policies. We often get asked, "do we need to have security policies as a Small Organisation?" Or, "what's the point of them?" Or, "we're not a big enough organisation." Or, "what difference would it make to anyone, if we had policies?"

Why have security policies in a Small Organisation?

There are many benefits for Small Organisations to have security policies, including:

  • Providing guidance for employees
  • Clarify issues for human resources
  • Attract large enterprise customers
  • Saving time for when policies are requested by customers, funders, or partners, etc.
  • Help with clarifying the importance of security to regulators if the organisations are investigated.

But before going into the benefits, let’s take a quick look at some of the policies we are suggesting and why they are useful.

"Having policies for employees ... provides guidance on how the organisation views security."

Security policy suggestions

We will explore security policies in more detail another time, but the most important security policies all Small Organisations should have include, an Email Policy, an Internet Use Policy and a Data Protection Policy. Because staff data is a big part of the information that Organisations hold a lot of, when it comes to highly detailed personal information, including medical information, tax, addresses, contact numbers, next of kin; basically, it's all there.

On top of those three, there needs to be an overall Security Policy, which covers all the things that are necessary from any user perspective, like passwords, social media, email, what they can and cannot do, etc. Then finally, depending on the sector the Organisation is in, there may be a need for policies around employee responsibilities related to data protection, or even one that relate to some of the standards that will be used to ensure security, for example. encryption, etc.

This section of the article is only available for our subscribers. Please click here to subscribe to a subscription plan to view this part of the article.

Default sample Threat Map infographic

Infographic images are copyright of Virtually Informed, and available to registered users for download during the publication week of the blog article together with other downloadable resources, including: all related infographics on this page, example policy templates, posters, screen savers and much more. 

Actions and Activities

Now, on SaRB for SMOs:

  • Help us to help you by completing our short poll on this topic (only available when article is published).
  • Let us know which FAQs you would like us to answer.

Later, in your Organisation:

  • Complete Board level Policy Review
  • Update Policy
  • Present to the Board for Agreement

Finally, if you know anyone who could benefit from the information you have viewed, please invite them to register for SaRB for SMOs and share our resources with them.

Follow-up Resources:

Virtually Informed Resources:

  • Glossary - at the top of this blog article (link to items).
  • Infographics (Downloadable in the week of publication).
  • Download Items - Policy Templates, etc. (Downloadable in the week of publication).
  • FAQ’s (Available soon).
  • Blog articles (link to items )
  • How To articles (links only available to Premium subscribers).
  • Other content (available soon)

External Resources:

  • Ponemon Institute Survey
  • Other Survey information

Images from