Conceptual Framework for Secure Teleworking and Organizational Security Management in SMEs

Abstract

"Teleworking has become one of the most important topics in the year 2020 with the Covid-19 pandemic situation. There was a sudden requirement for companies to allow employees to work from home and companies had to do it in a secure manner. When it comes to SMEs one of the most common problem SME has is less interest in security, less expertise in security and less budget allocated for security. Due to that, SMEs started using ad-hoc security to facilitate sudden teleworking requirements and most SMEs got attacked and breached due to inadequate controls.

SMEs are resistant to implementing security standards like ISO, PCI DSS, HIPPA and GDPR.etc due to constraints like lack of skills and budget. There are no easy-to-follow frameworks specifically defined for SMEs. There were guidelines published by various security vendors when pandemic comes but that was not specifically crafted for SMEs in mind. According to a European Union Agency for Cyber security, ENISA report published in 2021 one of the security challenge for SMEs are “lack of suitable guidelines”.(ENISA, 2021) This research project is proposing a conceptual framework for easy adoption to secure teleworking for SMEs. Also this will provide a reliable and easy way of adopting with defined maturity levels and eliminates problems with teleworking security in SME.

To gather data to conduct this study, security expert opinions gathered via interviews and thematic analysis used to extract relevant information. At the evaluation stage also security expert opinion taken to measure effectiveness of defined framework and results showed that this framework is accepted as a valuable and successful framework by industry security experts."