Small and medium-sized enterprises (SMEs) face an evolving cybersecurity landscape. But when it comes to formalising digital security policies, many SMEs fall short, not because of a lack of awareness, but because of complexity, poor engagement, and misaligned priorities.
September 2018 is the perfect time to revisit this issue. With recent global data breaches and increasing regional regulations in Latin America, SMEs in Argentina must act fast. But how can you make policies not just enforceable but actually followed?
To address these challenges, SMEs need to make digital security policies accessible, relevant, and embedded in day-to-day operations. Here’s how:
Policies should read like instructions, not contracts. Avoid jargon and explain why certain rules exist. Replace “Users shall refrain from…” with “Do not…” It’s about tone and clarity.
If your team doesn’t understand the consequences of not following policies, they won’t comply. Tie sections of your policy to specific risks: phishing, ransomware, data loss, reputational harm.
Not everyone needs the same rules. Tailor simplified versions for different roles: sales, administration, IT, finance. This makes responsibilities clearer.
Launch new policies via interactive workshops. Use real-life examples and simulate threats. Staff who understand why a rule exists are more likely to remember and follow it.
Policies aren’t one-off documents. Tie them to onboarding, performance, and your broader security posture. Appoint champions to reinforce messages and reward compliance.
Set a six-month or yearly schedule to review and update policies. Regulations and technologies change quickly—your policies must evolve accordingly.