Protect your company with a new cybersecurity self-assessment

More and more, small and medium-sized companies (SMEs) are relying on digital services to stay competitive in their markets. Often though, they do not realise just how important it is to adequately invest in cybersecurity until they experience a security breach. The unwelcome arrival of COVID-19 means that many companies are now totally dependent on digital services making this investment event more important.

With cyber-attacks on the rise, consequences can be significant for any organisation, from financial losses to damaged reputations. In many cases, SMEs find it very hard to implement efficient security measures because they are usually perceived as too complex, time consuming and requiring a high level of technical knowledge.

With the specific goal to tackle this issue and help companies’ staff to increase their awareness about basic cybersecurity concepts, four H2020 initiatives jointly developed a free-of-charge simple assessment which allows SMEs to measure their cybersecurity awareness skills, pinpoint their security gaps and implement the best practices in order to avoid being victim of a cyber-attack.

The “Cybersecurity self-assessment for SMEs” is a simple and quick online self-assessment questionnaire launched by 4 Cybersecurity research projects funded by the European Commission. In less than 15 minutes SMEs can easily understand where they stand in terms of cybersecurity practices implementation and learn basic security guidelines to be applied in their day-to-day routine.

Take the Cybersecurity self-assessment for SMEs

The assessment focuses on eight different cybersecurity areas:

• Office Firewalls and Internet Gateways, in order to address the need for firewalls to be configured correctly to provide effective security;
• Secure Configuration, since computers are often not secure upon default installation;
• Software Patching, considering that companies should ensure that their software is always up-to-date with the latest patches;
• User accounts best practices, such as only giving users access to the resources and data necessary for their roles, and no more;
• Administrative accounts best practices, taking into consideration that these accounts have special access privileges and, therefore, being attacked can cause huge damages;
• Malware protection, in order to prevent extensive damage to data and systems or unauthorized access to networks;
• Awareness of Password weaknesses, since weak passwords are one of the most common vulnerabilities exploitable to access company infrastructure and facilitate more complex attacks; and
• Basic risk assessment.

Philippe Cousin from SMESEC project assures: “the assessment will help companies’ staff to increase awareness about basic security guidelines to be applied in their day-to-day routine”.

SMEs or individuals successfully passing the test receive a certification of completion issued by the 4 H2020 projects: Cyberwatching.eu, CyberSec4Europe, CYBERWISER.eu and SMESEC. These projects are tackling cybersecurity and privacy from complementary perspectives, with the common aim of providing European SMEs with key resources to boost their online security.

Cyberwatching.eu contribution – Risk Assessment

cyberwatching.eu has provided content related to Risk Assessment leveraging the wide expertise of AON in this domain.

Risk assessment is a process which consists of different stages. Firstly, it is essential to identify and assess information assets; then, this information, together with relevant threat assessments, business impacts, benefits and costs, is used to assess which are the potential vulnerabilities. At this point these risks are listed in order of priority to define which mitigation measures can and must be implemented.

According to Nicholas Ferguson, Cyberwatching.eu Coordinator, “the self-assessment can help SMEs getting a first understanding of the risk assessment process and pave the way for putting in place a correct risk assessment process for their organisations”.

Check your cybersecurity skills to better protect your SMEs now