Halkyn Security Blog
Specialist Security & Risk Management Consultants

Information Commissioner’s Office launch IT Security Guide for Small Businesses

Today the Information Commissioner’s Office (ICO) announced it had produced “A practical guide to IT Security” with the subheading that this is “Ideal for the small business.”

At the time of writing, the ICO press release announcing the IT Security guide appears to be having trouble (what looks like an infinite redirect loop is in place), but the document itself is still available for download directly.

The driver behind this publication appears to be the ICO wanting to address the fact that an unfortunate number of small-to-medium enterprises (and some larger ones…) are woefully unaware of what they should be doing to implement basic good-practice security measures.

Presented in an easy-to-read manner, this guide does not attempt to drill down into your security controls (except on a few occasions) but, rather, gives a higher-level overview, including a checklist you can follow to ensure you have at least considered the major security areas.

Overall, this is a useful, albeit basic, piece of guidance with no glaring errors. Properly implementing the measures mentioned will certainly improve your overall security posture – but as always, the devil is in the details. A guide like this is never going to cover every situation, and you should always make sure your security controls are driven by a sensible risk management approach and add value to your organisation's security, rather than being a way of complying with an arbitrary checklist.

Where some small enterprises may struggle is in working out how to follow the guidance given. For example, it says:

• Some mobile devices support a remote disable or wipe facility. This allows you to send a signal to a lost or stolen device to locate it and, if necessary, securely delete all data.

– Your devices will need to be pre-registered with a service like this.

It is far from clear how the business should implement this sort of measure – or even whether they should, as it can be an overly expensive approach for a lot of SMEs.

However, that minor quibble aside, this is a useful document and we would fully recommend that organisations of all sizes read it and take on board the big-picture advice it gives.
