Help! Customer asks security questions – and we don’t have answers

In our recent LinkedIn poll, we asked SMBs:
What is the biggest stumbling block in IT policy with you right now?

These were the options:

• No clear policy: who gets to do what?

• Customer asks critical security questions

• Data sharing via workarounds (private mail / USB)

• IT policy will stay put until something goes wrong

• Uncertainty about compliance (NIS2, ISO, NEN)

📊 And the results?
A whopping 55% indicated:
“IT stays put until it goes wrong.”

 

Why this is so recognizable

When everything works, you don’t hear anyone.
Until something breaks. A laptop nicked. A data breach. Or a customer doing an audit on NIS2 or ISO/NEN standards.

So what?
Then policies must be put in place in a hurry. Permissions are quickly “taken care of.” Backups “briefly checked.” SharePoint must suddenly be set up properly.

That causes stress.
And that could have been avoided.

 

What we see a lot of with SMBs

🧩 No overview of who has access to what
📤 Files are shared via private email or USB
🤷‍♀️ No idea if backup is really working
🚨 Only action when a customer or auditor asks questions
📎 IT policy exists … but is not alive

 

And that is understandable

IT policies often feel like something for later.
Something for big companies. Or something you don’t look at until you start to grow.

But in reality, it’s like fire insurance:
You hope never to need it – but áf it is needed, you want it to be right.

 

How do you get a handle on it?

At ALTA-ICT, we help SMBs get an overview of their IT policies:
✔ Who is allowed to do what?
✔ Are files securely shared?
✔ Are we in compliance with NIS2 or ISO?
✔ What’s left open?

Not with thick reports, but just … clarity.
So that you are prepared – before things go wrong.

 

🎯 Recognizable? Let it be known 👇

📅 Need to spar about this? Feel free to schedule a moment: alta-ict.co.uk/AppointmentMaking

 

Reference

¹https://www.linkedin.com/posts/altaict_gmail-nis2-iso-activity-7333380910995705856-ja2f