Cybersecurity quick test for SMEs
Cyber security in SMEs leaves much to be desired. Companies should therefore be able to quickly assess whether their technical, organizational and employee-related measures to protect against cyber risks are sufficient. Answers are provided by a newly developed quick test.
Hackers are increasingly directing their cyberattacks at so-called "low hanging fruits" - i.e., SMEs that are not sufficiently protected. The study published in December 2017 "Cyber risks in Swiss SMEs"The results of the survey speak for themselves: around a third of SMEs have already been affected by viruses or Trojans. Data loss and extortion via the Internet have already occurred in four percent of the companies surveyed. Many companies do not deal with the issue properly until damage has already been done, as the initiators of the Quick tests emphasize. "We repeatedly sense great uncertainty among SMEs regarding cybersecurity. Many don't know how to tackle the issue. The quick test is a good way to get started and identify any need for action," says Nicole Barandun, President of the Zurich City Trade Association (GVZ).
Quick test with twelve topics
The rapid test was developed on the initiative of the Swiss Association for Quality and Management Systems (SQS) under the direction of the Swiss Academy of Engineering Sciences (SATW) in a broad-based expert group. The focus is not on a comprehensive and complete analysis, as the initiators emphasized at the media conference in Zurich on September 3. The quick test consists of a three-page checklist and is divided into twelve topic areas. Only those who can answer all 34 individual questions with "yes" are presumably sufficiently prepared against cyberattacks. Otherwise, the security officer or entrepreneur can immediately see where he still has deficits in his company with regard to cyber risks.
Specialists from various fields developed the questionnaire and the paper thematically covers the current standards on security, as Umberto Annino, president of Information Security Society Switzerland (ISSS), explained. The aim of the quick test, he said, is to enable SMEs with little know-how regarding IT and IT security to obtain an overview quickly and in an uncomplicated manner. Using the questionnaire, they can immediately see whether their technical, organizational and employee-related measures to protect against cyber risks are sufficient.
In line with the national cyber strategy
"Protection against cyber risks is a shared responsibility of business, society and the state. We are therefore making an important contribution to the implementation of the new cyber strategy and providing SMEs with a tool that helps them to better assess their own cyber risk," says Pascal Lamia, Head of the Reporting and Analysis Centre for Information Assurance (MELANI) at the media orientation in Zurich. A rapid implementation of the NCS 2.0 had been called for from various sides in the summer months, including by National Councilor Marcel Dobler, President of ICTswitzerland: "It is to be welcomed that the relevant players are now getting involved themselves. This confirms the urgency. I am convinced that the federal government, for its part, will do what is necessary and provide sufficient resources to advance the implementation of NCS 2.0 quickly and in a targeted manner". (rs)
The rapid test is also available as PDF available. Those who need explanations on each topic of the questionnaire will find in a Accompanying document further notes.
