Enisa aims to boost SME security

Security education is a key priority among smaller European firms

The European Network and Information Security Agency (Enisa) today announced the results of its pilot scheme designed to introduce risk assessment and management processes to small and medium-sized businesses.

The European Union's security body has made security education and awareness raising among smaller firms one of its key priorities, given that SMEs – representing 99 per cent of all European enterprises and roughly 65 million jobs – are crucial to the region's economy.

Enisa began the pilots in 2008, in an attempt to validate and promote the best practices set out in its Information Package for SMEs document and to receive constructive feedback to adapt the approach in future.

The pilots were conducted among members of three organisations across Europe, in order to reach out to as many SMEs and micro enterprises (MEs) as possible. The three were UK accountancy association the IAAITC, Spanish consulting firm GMV Soluciones Globales Internet and the University of Bologna.

The general feedback from the schemes and Enisa's simplified approach to security and risk management was positive, according to the new report, helping to raise awareness levels and motivating companies to improve their information security management approaches.

“We all know that the SMEs constitute the basis of Europe’s economy, therefore the validation of a simplified risk management approach for these companies is crucial," said Enisa executive director, Andrea Pirotti.

"With this approach, the necessary steps and appropriate measures for increased security can be taken.”

However, simplifications and more automated steps are needed for very small and micro enterprises, the report argued. For example, the UK pilot scheme concluded that the approach works well for companies of a certain size which have the appropriate resources, "but does not scale down sufficiently to provide a suitable framework for micro organisations".

"These organisations require a simpler framework that can be processed more quickly and with less outside input," it continued.

The document is set to serve as a "roadmap for future ENISA activities" in the SME sphere, the agency said.