Information Security Best Practices: First Steps for Startups and SMEs

Urpo Kaila, Linus Nyman

Research output: Contribution to journalArticleScientificpeer-review


This article identifies important first steps toward understanding and implementing information security. From the broad selection of existing best practices, we introduce a lightweight yet comprehensive security framework with four useful first steps: identifying assets and risks; protecting accounts, systems, clouds, and data; implementing a continuity plan; and monitoring and reviewing. This article is intended primarily for startups and less mature companies, but it is likely to be of interest to any reader seeking an introduction to basic information security concepts and principles as well as their implementation.
Original languageEnglish
Peer-reviewed scientific journalTechnology Innovation Management Review
Issue number11
Pages (from-to)32-42
Number of pages11
Publication statusPublished - 29.11.2018
MoE publication typeA1 Journal article - refereed


  • 512 Business and Management


Dive into the research topics of 'Information Security Best Practices: First Steps for Startups and SMEs'. Together they form a unique fingerprint.

Cite this