The kind of “how to” guide to security that SMBs will benefit from

The Data Protection Act came into force in 1998 and exists as the core piece of legislation that seeks to ensure that personal data is protected in the UK. Principle 7 of the act states what is required of those in possession of sensitive data in relation to security.

Principle 7 is comprehensive – but by no means all-inclusive (risk management will be bespoke after all) – and is well captured by the following demand: “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”

In short, it states that businesses have to make all efforts to ensure security is vigorously implemented. Otherwise, along with loss of data, breach of network security, loss of reputation and financial damage, they can get a hefty fine. £50,000 is significant and detrimental to small to medium-sized businesses (SMBs).

Conscious of this and the changing shape of the business landscape – the permeation of the internet into all facets of an organisation’s operations – the Information Commissioner’s Office (ICO), which oversees the Data Protection Act, has released a new guide to help SMBs out.

Entitled A Practical Guide to Information Security: Ideal for the Small Business, the ICO’s document is not bad at all. It’s not massively detailed – 12 pages – but that’s the point. It serves as an introduction, putting forward recommendations that are relatively easy to implement and not too costly.

The language is clean, perhaps directed at those who lack any discernible strategy for information security & risk management. For example, the following passage outlines the first step businesses can take:

“Before you can establish what level of security is right for your business you will need to review the personal data you hold and assess the risks to that data. You should consider all processes involved as you collect, store, use and dispose of personal data. Consider how valuable, sensitive or confidential the information is and what damage or distress could be caused to individuals if there was a security breach.”

While that may sound obvious, break it down and it’s informative. Take, for example, the line about the processes that are involved in collecting, storing and using data. Is this done automatically without any clear-cut policy, or is it more regimented and authoritative? Knowing this can be exceptionally beneficial to SMBs.

Another great recommendation, which to most security consultants is standard practice, is using a layered approach to network security, something non-savvy SMBs might not consider, thinking that a single approach is enough.

But, as the ICO notes, there is no single approach that can ensure 100 per cent security. A combination of tools and techniques makes sense because if one “layer” crumbles, there’s another barrier in place to prevent an attack being successful.

Throughout the document, points like this are aired, and it is extremely refreshing to come across something that simplifies, explains and articulates the importance of information security in today’s age of information. Well done ICO.
