In an era where cyber threats are growing increasingly sophisticated, small and medium enterprises (SMEs) must step up their cybersecurity efforts. Building on the foundational controls of the Bronze level, the SMB1001 Silver level takes cybersecurity practices to the next tier, introducing additional layers of protection and governance. This article will walk you through what the Silver level entails, how to achieve compliance, and the advantages it offers your business.
What is SMB1001 Silver Level?
The SMB1001 Silver level expands upon the basic protections of the Bronze level by introducing enhanced technology management, robust access controls, and formalised policies and procedures. Like Bronze, Silver level certification is achieved through self-attestation by a director of the organisation and does not require an external audit.
The Silver level includes the following controls:
Category: Technology Management
- Engage a Technical Support Specialist: Ensure your organisation has a reliable technical support resource to implement and maintain cybersecurity measures.
- Install and Configure a Firewall: Protect your network from unauthorised access and cyber threats.
- Install Anti-Virus Software: Equip all organisational devices with up-to-date anti-virus software.
- Automatic Software Updates: Configure devices to automatically install tested and approved updates to address vulnerabilities.
- Install TLS Certificates: Secure all public internet-facing websites with TLS (Transport Layer Security) certificates to encrypt data transmissions.
Category: Access Management
- Routine Password Changes: Regularly update passwords to reduce the risk of unauthorised access.
- Remove Administrative Privileges: Ensure employee accounts do not have administrative privileges unless necessary.
- Individual User Accounts: Assign unique accounts to each employee to enhance accountability and security.
- Password Manager: Implement a password manager system to securely store and manage passwords.
- Multi-Factor Authentication (MFA): Enforce MFA on all employee email accounts to add an extra layer of security.
Category: Backup and Recovery
- Backup and Recovery Strategy: Develop and implement a robust backup and recovery strategy to protect critical digital assets.
Category: Policies, Processes and Plans
- Confidentiality Agreement: Require all employees to sign confidentiality agreements to safeguard sensitive information.
- Invoice Fraud Policy: Implement a policy with clear offline-based procedures to prevent and manage invoice fraud.
- Visitor Register: Maintain a visitor register to track physical access to your premises.
How to Achieve SMB1001 Silver Level Compliance
Achieving compliance with the Silver level involves building on the foundations of the Bronze level and addressing the additional controls. Here’s how to get started:
- Review the Requirements:
- Conduct a Gap Analysis:
- Implement Technical Controls:
- Develop Policies and Processes:
- Test and Refine:
- Conduct the Self-Attestation:
The Benefits of SMB1001 Silver Level Compliance
Investing in Silver level compliance offers significant benefits to SMEs, including:
- Enhanced Security:
- Increased Client Trust:
- Improved Operational Efficiency:
- Regulatory Readiness:
- Resilience Against Threats:
Call to Action: Elevate Your Cybersecurity Today
The SMB1001 Silver level represents a significant step forward in cybersecurity maturity for SMEs. By implementing these controls and self-attesting compliance, your business will not only protect itself from cyber threats but also demonstrate its commitment to security and governance.
Don’t wait for an incident to take action. Begin your journey to SMB1001 Silver level compliance today. If you need guidance, consult with trusted advisors or technical specialists who can help tailor solutions to meet your needs.
In an age of relentless cyber threats, proactive measures are your strongest defence. Take the next step toward safeguarding your business and ensuring its long-term success. Reach out and start the conversation today.