ICO launches security guide for SMBs

The Information Commissioner’s Office (ICO) has released a guide that aims to help SMBs avoid costly and dangerous data breaches.

The ICO says the guide will offer practical, jargon-free hints and tips to small and medium businesses on protecting their critical IT infrastructure. Smaller businesses generally lack the manpower and resources to fully protect their systems.

The guide covers topics such as physical security, anti-virus defences and employee awareness. It also provides advice on securing data on the move, keeping systems up to date, how to spot potential problems and minimising the data a company keeps hold of.

The ICO hopes the advice will help companies avoid data breaches, which can result is a fine of up to £500,000.

Information Commissioner Christopher Graham said the guide is aimed at smaller businesses that lack the expertise to fully protect their IT systems.

"While we recognise that the biggest companies and organisations will have many of these strategies already in place and have spent a great deal of money on securing their IT systems, smaller enterprises often tell us that they would benefit from simple and clear advice specifically designed for them," he said.

"This guide aims to support these companies by providing a starting point and recommendations that cost little to adopt, but can significantly reduce the risks of a serious data loss and the reputational and financial damage that can result," he added.

Ollie Hart, head of public sector UK & Ireland at Sophos, backed the launch of the guide and said it will benefit SMBs, who are at as much of a risk as their bigger counterparts but lack the resources to adequately defend themselves.

"As our recent survey shows, many struggle with security and are more constrained by time and resources than larger organisations. However, SMEs are just as vulnerable to cybercrime, and attacks on these businesses can potentially have a collective effect on the UK economy," he said.

However, Hart added that many SMBs lack even the most basic resources, and that this guide may not suit them.

"The key to SME security is to make policies and technologies as simple and accessible as possible, but this guidance feels like it’s aimed at those who already have a considerable level of IT and security awareness," he said.

"While this may be the case for some SMEs, many smaller companies do not have this level of knowledge and expertise in place," he added. "So while this guide is certainly a great step in the right direction in helping companies of all sizes to protect their corporate information, the ICO needs to ensure that it keeps jargon to a minimum as it continues to educate the vast array of UK businesses and the intellectual property they possess."

Further ICO news:

ICO hands out biggest ever fine to ‘surprised’ NHS Trust

Google facing further ICO Street View investigation

ICO website offline following DDoS attack

ICO hits Barnet Council with data loss penalty

ICO dishes out second NHS data loss fine

Sign up for our regular news round-up!

Give your business an edge with our leading Tech Monitor

Sign up