With the recent Dispatches documentary on Channel 4 once again fanning the flames of anxiety around data theft, firms would do well to use the publicity as a wake-up call and turn the security spotlight on themselves.
Research from the Department of Trade & Industry (see "UK firms get data security wake-up call") has shown that half of all UK retailers and utilities companies do not have any formal procedures in place to comply with data protection laws. It is an amazing statistic, and one that illustrates only too clearly the scale of the challenge the UK faces.
And it is an issue not only for the banks to worry about, but for all businesses, since the data at risk includes the sensitive commercial information that is the lifeblood of so many operations.
Much of that data might not be covered by the Data Protection Act, but it should still be something that your business takes all possible steps to protect.
The DTI sees information security standards such as BS7799 or its equivalent international ISO standard as the best way for businesses to address data security systematically. That advice also sits well with the many legal and technical experts, most of whom will start by telling firms to undertake a full risk assessment in order to put a value on their various assets and have a clear idea of which data needs to be protected from prying eyes.
Whichever tactic you adopt, putting your approach to security on a more formal footing is the key.
Intrusion detection software has been superseded by intrusion prevention technology. Now is the time for businesses to make the same leap and get their data security right from the top down, before an undercover reporter - or someone much worse - pays them a visit.
This was first published in October 2006