Cybersecurity for SMEs

Where to start with cybersecurity for SMEs?

Why secure your systems?

We sometimes visit companies that have not taken any or have taken some cyber security measures. These companies are particularly at risk because cyber criminals can run off with their data, the data of their customers and that of their employees without much resistance.
In many cases, such an attack leads to reputational damage and lawsuits, especially when the customers of these companies believe that the company has not done everything it can to protect itself against these attacks. Employees and customers lose confidence because their personal data is put online in such an attack. The above consequences often continue long after the actual attack has ended.

Reasons not to invest?

The reasons for not investing in information security are diverse. Here are a few we hear often:

  • Where do I begin ?
  • It doesn't fit the budget.
  • We are not interesting target
  • But we have antivirus
  • That is not necessary, we are in the cloud
  • There's no time for that now

These were just a few of the reasons we hear. But for all these reasons there are secure options and security should be a layered approach.

So where to start ?

The vast majority of data breaches take place using a human attack component. When you invest in the digital resilience of your staff, you get a better grip on your data and that of your customers. This way your employees can identify attacks earlier and handle your data better. These trainings can take place at your company location, and often, at an attractive price.

Restrict access to your important data. It sounds very logical, but how many of your employees can access sensitive data without supervision? Often a (temporary) measure is taken so that an employee has no access to data to which she/he should not have access to. Ensure that there is (automated) supervision of who has access to which data and who has consulted what.

Make sure there are good procedures regarding security: for example, when does someone get access to your business premises and is this done under supervision? How often is your data backed up and how and when are these backups tested?
Are the means of authentication currently used secure? Is it multi-factor authentication or is it just a password? Do the passwords used meet the complexity standards and is this continuously monitored?
Where do your logs go from your systems, are they central and at the right level? Without these logs it is impossible to check what is or has happened on your systems.

Cybersecurity budget

It may seem obvious, but prevention is always cheaper than cure. When we look at a Dutch report conducted by Datto then we see that: “Dutch SMEs allocate 21% to 30% of the total IT budget to cybersecurity” and “More than a third (34%) of Dutch SMEs expect an increase in the security budget”.
Fortunately, we can say that cyber security is increasingly getting the attention it needs. Which budget suits your business depends entirely on which market you operate in and where you stand with your information security.


There are many points to consider and the above is just a sampling of a much larger group of important security steps. We can imagine that these are not issues that concern you or your organization every day. We recommend that your company has a “security assessment" done. There are plenty of cybersecurity companies that can do this for you. This usually gives you a good insight into the current state of your company's cybersecurity. Based on such a report, you can also immediately make a step-by-step plan for the future and thus gain and maintain control over your data and that of your customers. Securable is happy to take the next step with you towards (even) better digital resilience.