As large organizations continue to protect themselves better and have larger budgets at their disposal to improve security, SMEs are becoming increasingly important to cybercriminals as sources of information.

So it's obvious that these companies are going to protect themselves well. However, research shows that small and medium-sized organizations are increasingly less secure.

Although a large proportion of organizations have a person responsible for information security, 11% do not yet have one. The reason these organizations have not appointed a responsible person is that they often believe they are not a valuable target for cybercriminals. While 39% of SMEs were affected by intrusions into their systems in 2015. So this is indeed a major threat.

Getting started with information security for SMEs

Through the network of an SME organization, a cybercriminal can more easily penetrate the network of suppliers and customers. This makes SMEs a prime target.


In 2015, 41% of organizations reported using proper security for their Wi-Fi networks. The year before, the figure was 51%. A similar decline also applies to the use of mobile security.

This trend among SMB organizations is related to a number of challenges many companies face. The budget often does not allow investment in better security.

The first step in achieving security is to protect the organization from within. In fact, in many cases, data breaches are caused by employees of the organization itself. So inform your employees about setting strong passwords, secure document storage and establish clear protocols and ensure that your data is always within the protection of your organization.

In order to work safely with your customers', suppliers' and your own organization's information not only now but also in the future, security should be set up as a process. Central to this is conducting a risk analysis to identify threats and take appropriate action.

mockup-axxemble2

Setting up information security in SMEs

Setting up information security in SMEs does not have to be very difficult. In fact, it can soon be set up to your advantage if you have answered the following questions:

  • What is the value of the information? Consider what information you manage or process within the company and what value you place on the availability, integrity and confidentiality of this information.
  • What is the risk involved? At least once a year, review the risks you face regarding the value of this information. Are there major risks? Then take appropriate measures such that the remaining risk is acceptable. Do this also in case of (major) changes within your organization or systems.
  • Do your employees know the value and risk? Make sure your employees are aware of the value of your information and the risks associated with it. Make them aware of responsibilities they have in their daily work.
As a business owner, you are used to weighing the level of measures and the costs you incur to do so against the benefits: savings from any incidents.

Our solution: Base27

Axxemble aims to support organizations in small and medium-sized businesses in a smart and practical way with adequate information security. We do this by making the aforementioned questions central to our solution, Base27.

Our online software tooling provides a framework (ISMS) for policy and organization around information security, risk management, description of processes and procedures and support for conducting the various registrations. 

Using Base27, you are able to quickly set up information security around the desired standard, including support for the new privacy legislation.