Information Security Review for Smaller Companies

Many small businesses think the Information Security and Data Protection Act (DPA) legislation will not affect them because of the size of their organisation and their information assets. Most think that large corporations with more assets are the only ones at risk of breaches in security – this is not true.  The Legislation covers all sizes of businesses and you should protect yourself.

  • Firstly, sensitivity of information applies to the quality and not the quantity of information.
  • Secondly, the majority of smaller organisations do not have the resources or personnel to address security in a similarly intensive manner like large corporations do and are therefore more exposed. It is important to remember however, that this is not just about IT security, it is about information security.

Any business failing to comply with the DPA is guilty of a lack of due care, and potentially leaving itself open to enforcement notices and /or fines up to £500,000, issued by the Information Commissioners Office without need for court intervention.

If you have any of the following then you will be at risk:

  • The ability to upload information to any site on the internet.
  • Sensitive information leaving your organisation.
  • Open access for all staff to the internet.
  • Laptops, USB sticks or other removable devices that are not logged and can be removed from your offices.
  • Outsourcing- clients provide you with their sensitive information or you provide them with yours.

A Secure Organisation is dynamic in its approach, has people who are committed to protecting personal and commercially sensitive data and is able to act quickly should disaster strike.  

This Review has been designed for Directors, Partners, Owner Managers and Managers of Small to Medium Sized Enterprises.  If an organisation has any of the following then they are at risk.

A Simple and Pragmatic approach to assessing needs, implementing policies and training staff.

For more information on the Information Security Review for Smaller Companies, please contact us.