These controls have been selected as suitable for SMEs and can be implemented in every organisation at relatively little cost or effort. While they may not all be necessary for every SME, they can protect an organisation as it grows and should be considered best practice.

Larger organisations likely already have many of these in place, but should verify that they are in place and that they are appropriate to the organisation’s size and operations.

1.1 Anti-phishing training

Because phishing is one of the most common ways for malware to enter the organisation, all staff should be trained to identify it and understand what they should do when they receive phishing emails. Training should also consider other ways in which people ...
