View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

ICO launches security guide for SMBs

Guide will offer hints and tips for smaller businesses... but is the ICO targeting the right organisations?

By Steve Evans

The Information Commissioner’s Office (ICO) has released a guide that aims to help SMBs avoid costly and dangerous data breaches.

The ICO says the guide will offer practical, jargon-free hints and tips to small and medium businesses on protecting their critical IT infrastructure. Smaller businesses generally lack the manpower and resources to fully protect their systems.

The guide covers topics such as physical security, anti-virus defences and employee awareness. It also provides advice on securing data on the move, keeping systems up to date, how to spot potential problems and minimising the data a company keeps hold of.

The ICO hopes the advice will help companies avoid data breaches, which can result is a fine of up to £500,000.

Information Commissioner Christopher Graham said the guide is aimed at smaller businesses that lack the expertise to fully protect their IT systems.

"While we recognise that the biggest companies and organisations will have many of these strategies already in place and have spent a great deal of money on securing their IT systems, smaller enterprises often tell us that they would benefit from simple and clear advice specifically designed for them," he said.

"This guide aims to support these companies by providing a starting point and recommendations that cost little to adopt, but can significantly reduce the risks of a serious data loss and the reputational and financial damage that can result," he added.

Content from our partners
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business
When it comes to AI, remember not every problem is a nail

Ollie Hart, head of public sector UK & Ireland at Sophos, backed the launch of the guide and said it will benefit SMBs, who are at as much of a risk as their bigger counterparts but lack the resources to adequately defend themselves.

"As our recent survey shows, many struggle with security and are more constrained by time and resources than larger organisations. However, SMEs are just as vulnerable to cybercrime, and attacks on these businesses can potentially have a collective effect on the UK economy," he said.

However, Hart added that many SMBs lack even the most basic resources, and that this guide may not suit them.

"The key to SME security is to make policies and technologies as simple and accessible as possible, but this guidance feels like it’s aimed at those who already have a considerable level of IT and security awareness," he said.

"While this may be the case for some SMEs, many smaller companies do not have this level of knowledge and expertise in place," he added. "So while this guide is certainly a great step in the right direction in helping companies of all sizes to protect their corporate information, the ICO needs to ensure that it keeps jargon to a minimum as it continues to educate the vast array of UK businesses and the intellectual property they possess."


Further ICO news:

ICO hands out biggest ever fine to ‘surprised’ NHS Trust

Google facing further ICO Street View investigation

ICO website offline following DDoS attack

ICO hits Barnet Council with data loss penalty

ICO dishes out second NHS data loss fine

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.