The Information Commissioner’s Office (ICO) has today published a new guide for small and medium sized businesses, showing a series of clear, practical steps they can take to help make their IT systems safe and secure.
The guide, which covers topics such as physical security, anti-virus defences and employee awareness, can help small businesses keep personal data secure, and avoid a serious data breach that could see the ICO impose a monetary penalty of up to £500,000.
Information Commissioner, Christopher Graham, said:
“Since November 2010 the Information Commissioner’s Office has had to serve civil monetary penalties totalling over £1.5 million on organisations that failed to take the necessary measures to keep peoples’ information secure.
“While we recognise that the biggest companies and organisations will have many of these strategies already in place and have spent a great deal of money on securing their IT systems, smaller enterprises often tell us that they would benefit from simple and clear advice specifically designed for them.
“This guide aims to support these companies by providing a starting point and recommendations that cost little to adopt, but can significantly reduce the risks of a serious data loss and the reputational and financial damage that can result.”
The guide includes a checklist, as well as more detailed advice on:
- securing data on the move;
- keeping you and your systems up to date;
- keeping an eye out for problems;
- knowing what you should be doing; and
- minimising the data you keep.
Mr Graham continued:
“Following this guidance is not just about minimising risk. Businesses that prioritise the safety of their customers’ personal data will have a real competitive advantage.”
Mike Cherry, Policy Chairman, Federation of Small Businesses, said:
“It’s important that the ICO have published this guidance specifically for small businesses. Good IT and data security should be part and parcel of good business practice and businesses should think about the simple steps that they can put in place to achieve this. The guidance should help businesses do this.”
ICO IT Security Guide