INFORMATION SECURITY IN SMALL AND MEDIUM SIZE COMPANIES

Abstract

Small and Medium Enterprises (SMEs) are locomotives of national economies. Flexible structures of SMEs and their quick adaptation to changes make easier for the economies of countries to overcome the crises quickly. Factors such as competition, change and globalization require SMEs to use information and communication technologies. As a result of these technologies, the concept of time and space has disappeared, and it becomes very easy to reach electronic financial services and products from anywhere in the world via a mobile tool and network. In parallel with all these developments; especially in recent years, social engineering added fraud incidents and employee misconceptions highlighted information security. SMEs, which do not employ sufficient qualified labor force in information technology and have prejudge that  information security risks only affect large companies, are becoming easy targets for technology thieves. Keyboard thieves have now taken over the place of the thieves of the past. The risks arising as a result of not providing information security bring along with other risks such as reputation risk and legal risk. The purpose of this study is to reveal a simple and plain methodology for SMEs with limited opportunities to use against information security risks.