ICO advises SMBs on avoiding data breaches
Data protection watchdog publishes guidance to prevent small firms falling foul of the law.
The Information Commissioner's Office (ICO) has published a guide for SMBs to help them make their IT systems more safe and secure.
The data protection watchdog, who fines companies who lose sensitive data, hopes the guide's advice will be easy and inexpensive for small businesses to implement.
The guide's aim is to help smaller firms avoid serious data breaches, as well as the fines associated with them.
The Information Commissioner, Christopher Graham, explained: "While we recognise that the biggest organisations will have these strategies already in place, smaller enterprises often tell us that they would benefit from simple and clear advice specifically designed for them."
The 12-page guide suggests small businesses review the personal data they have and then assess the possible risks to their business.
Determining how sensitive or confidential that data is will allow them to choose the security measures that will work best for them, it is claimed.
The ICO also suggests SMBs use a "layered approach" to security by introducing a number of different techniques and tools. The idea being that, if one layer fails, others would be in place to catch the threat.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
SMBs should also ensure that data is secure on devices being used away from the office, the guide advised. For instance, by encrypting these files, businesses can be assured that information will be accessed only by authorised users.
Since November 2010, the ICO has handed out penalties totalling 1.5 million to companies that failed to keep information secure.
The aim of the guide is to help smaller firms avoid serious data breaches, as well as the fines associated with them.
Mike Cherry, policy chairman of the Federation of Small Businesses, said: "It's important that the ICO have published this guidance specifically for small businesses.
"Good IT and data security should be part and parcel of good business practice and businesses should think about the simple steps that they can put in place to achieve this," he added.