@article {1198, title = {Information Security Best Practices: First Steps for Startups and SMEs}, journal = {Technology Innovation Management Review}, volume = {8}, year = {2018}, month = {11/2018}, pages = {32-42}, publisher = {Talent First Network}, address = {Ottawa}, abstract = {This article identifies important first steps toward understanding and implementing information security. From the broad selection of existing best practices, we introduce a lightweight yet comprehensive security framework with four useful first steps: identifying assets and risks; protecting accounts, systems, clouds, and data; implementing a continuity plan; and monitoring and reviewing. This article is intended primarily for startups and less mature companies, but it is likely to be of interest to any reader seeking an introduction to basic information security concepts and principles as well as their implementation.}, keywords = {best practices, cybersecurity, information security, risk management, SMEs, startups}, issn = {1927-0321}, doi = {http://doi.org/10.22215/timreview/1198}, url = {https://timreview.ca/article/1198}, author = {Urpo Kaila and Linus Nyman} }