IT security advice to help SMEs avoid £500k fines
18 June 2012
Smaller firms have been urged to make sure their IT security is up to scratch in order to avoid major fines which have already been slammed on the public sector for serious data breaches.
Launching a new guide specifically for small and medium-sized enterprises, Information Commissioner Christopher Graham recalled that his office had already imposed penalties totalling more than £1.5m on organisations that had "failed to take the necessary measures to keep people's information secure".
The most recent fine, imposed on an NHS trust, stood at £325,000. But monetary penalties, the bulk of which have been seen in the public sector, can be as high as £500,000.
Unlike large organisations which would have spent significant amounts securing their IT, Graham said smaller enterprises now wanted "simple and clear advice specifically designed for them", so that they could steer clear of a fine.
The guide provides detailed advice on securing data on the move, keeping systems up to date, looking out for problems, knowing what should be done and minimising the data that is stored.
Graham said it would provide companies with recommendations that cost little to adopt but which could "significantly reduce the risks of a serious data loss and the reputational and financial damage that can result".
"Following this guidance is not just about minimising risk. Businesses that prioritise the safety of their customers' personal data will have a real competitive advantage," he added.
Mike Cherry, policy chairman at the Federation of Small Businesses, said: "Good IT and data security should be part and parcel of good business practice and businesses should think about the simple steps that they can put in place to achieve this. The guidance should help businesses do this."