Staying legal and efficient: Navigating NIS2 for SMEs in enterprise supplier networks

SMEs and NIS2: A path to compliance and competitive advantage

The Network and Information Security Directive 2 (NIS2) sets the stage for companies to comply with more stringent cybersecurity regulations. For businesses covered by the Directive, NIS2 brings increased accountability, tougher penalties for non-compliance, and tighter security obligations across the board. But what about the smaller players in their network — particularly small and medium-sized enterprises (SMEs) that may not be legally required to comply?

In the November episode of our ‘Who’s Next’ series, Fokko Oldewurtel from Domenig & Partner and our Legal Counsel, Boglárka Fekecs, dove more into the details of how SMEs can pragmatically adopt NIS2.

While NIS2 specifically targets entities operating in essential and important sectors, smaller organizations connected to these enterprises can’t afford to be complacent. Even if your SME isn’t directly impacted by NIS2 regulations, your clients and partners might be, making it essential to understand and adopt NIS2 best practices. Cybersecurity risks don’t stop at the boundaries of large organizations; they extend through their entire supply chain, where smaller entities are often the weakest link.

The good news is that compliance with NIS2 doesn’t have to be a burden. Adopting NIS2 guidelines not only strengthens your overall cybersecurity posture but also builds trust with your clients, allowing you to secure a more stable and trusted position in the supply chain.

Let’s have a look at some simple but effective measures SMEs could take to bolster their security posture while complying with best practices.

Protecting data with end-to-end encryption (E2EE)

One of the easiest ways to secure sensitive data is through end-to-end encryption. This ensures that data transferred between parties remains private and protected from interception. By using E2EE tools, such as encrypted data rooms, SMEs can guarantee that sensitive information stays confidential and is only accessible to authorized users.

Implementing access controls and audit trails

Setting up strong access controls is essential. By limiting who can view, edit, or share specific documents, SMEs can ensure that only authorized personnel handle critical information. Coupled with audit trails, which track every interaction with data, businesses can create an added layer of accountability and security. Encrypted data rooms which have these additional security features are therefore vital for SMEs when sharing information on vulnerabilities in accordance to NIS2 guidelines.

Regular security audits

Conducting regular security audits helps identify vulnerabilities and ensures that all systems and protocols are up to date. This is a proactive step that can help SMEs avoid the costly consequences of data breaches.

Preparedness for cybersecurity incidents

No company wants to face a data breach, but readiness is vital. Develop a thorough response plan that addresses how to handle incidents, whether caused by human error or malicious attacks. Switching to a secure cloud solution is key to ensure that, in the event of a breach, only authorized personnel, relevant authorities, and incident response teams have access to critical information, minimizing potential damage.

Key takeaways

Even if your business is not legally bound to comply with NIS2, adopting these security practices can give you a competitive advantage. It keeps your organization secure, helps to position your business as a reliable and secure player in the supply chain, and ensures you stay ahead of potential legal or operational risks.

In our upcoming ‘Who’s Next’ webinar episode, Fokko Oldewurtel from Domenig & Partner and our Legal Counsel, Boglárka Fekecs, dove more into the details of how SMEs can pragmatically adopt NIS2.

What you will learn:

• Understanding NIS2’s impact on SMEs that do not fall under the Directive’s scope
• Practical security measures to comply with NIS2 best practices
• How to leverage NIS2 for competitive advantage

In our latest ‘Who’s Next’ webinar episode, Fokko Oldewurtel from Domenig & Partner and our Legal Counsel, Boglárka Fekecs, dove more into the details of how SMEs can pragmatically adopt NIS2.