Information security for Small and Medium-sized Enterprises

What level of security is right for your business and are there any security gaps? Read about the four dimensions of information security for SMEs and explore the range of security services offered by Tietokeskus.

The key to SME security is to ensure that sensitive information is not leaked to anyone who does not need it. This is particularly important when end-users are constantly dealing with documents containing, for example, trade secrets. If, on the other hand, your company has an e-commerce type of information system that handles payment transactions or customer data, it is particularly important to protect your business systems.

Every company, even the smallest, is valuable to the attacker. If a back door has been left open, someone will probably go and see if there’s anything they can use for blackmailing. In the worst case, a company can lose all its data, and with the loss of customer data, it is easy to lose your entire business.

Small and medium-sized enterprises (SMEs) are also subject to regulatory requirements

Companies have different security needs, but every company must ensure that it has an adequate level of security. An adequate level of security depends, among other things, on the regulatory requirements of the industry.

Currently, the NIS2 certification requirements, which will enter into force in October 2024, also apply to partners and subcontracting chains. With the entry into force of the NIS2 Directive, management will become increasingly responsible for information security and policies must be clear on how information security is to be reported and managed. For example, security breaches must be reported within 24 hours, which requires, in practice, a functioning SOC service.

The whole environment should be built according to the Zero Trust approach, i.e. to allow access only to those environments and tools that the user needs for their work.

“With the SOC service, we’ve detected security anomalies that we wouldn’t have noticed on our own. For a small internal IT team, having continuous monitoring in the background is particularly important, especially when our staff are on vacation or sick leave.”

Mika Jääskelä
Head of IT

Four areas of SME information security

At Tietokeskus, we see information security as a square divided into four areas: anticipation, detection, prevention and continuity management.

Preventive security and continuity management are already in place in most companies, but detection and anticipation are typically the areas where most improvement is needed.

Anticipation

Anticipation means taking actions to prevent cyberattacks before they occur. This includes designing a secure architecture and aligning future projects with the target architecture. Reducing the attack surface is an essential part of developing your environment. User training also plays a crucial role: when end users know how to recognise phishing messages and other scams, they can avoid identity theft and other threats.

Reducing the attack surface
Zero Trust principle
Informing end users about security threats and phishing
Vulnerability testing
Vulnerability management service


Detection

Tietokeskus’s SOC (Security Operations Centre) service enables effective threat detection. The service extends visibility beyond traditional antivirus protection, providing a comprehensive 360-degree view of the company’s environment. This allows potential threats to be detected and responded to in time.

Active 24/7 monitoring
Alert tracking
Observation from multiple sources
Comprehensive visibility into the environment

Prevention

Prevention covers endpoint, network and identity protection – areas that have long been developed within companies. These areas are often in a good state, but as technology continues to evolve, it’s advisable to regularly assess and adopt new solutions.

Endpoint protection
Antivirus
Workstation cybersecurity protection
Firewall
Identity protection with two-factor authentication

Continuity management

Continuity management ensures that company services and environments can be restored quickly in a crisis situation. This includes backups, recovery process design, and creating and testing a recovery plan when needed. The goal is that everyone understands which systems are critical to business operations and in what order they should be restored.

Disaster recovery plan
Duplication of critical operational systems
Backups

We help SMEs ensure appropriate levels of cybersecurity

Achieving a sufficient level of cybersecurity for an SME isn’t rocket science – though it does require vigilance and constant monitoring of emerging threats. The challenge is that security needs to be integrated into absolutely everything you do. Cyber risks are connected both to employees and to the business applications in use.

We help you address all four areas of cybersecurity and establish a security level that fits your company’s needs.
