Earlier this year I conducted research, on behalf of the Information Commissioner’s Office, into the security requirements of small/medium sized enterprises, working with Barry James, a developer of security solutions for the SME sector. The ICO has now published the research report Review of Availability of Advice on Security for Small/Medium Sized Organisations.
The reality if that few SMEs implement information security. Yet many of them handle sensitive information. Persuading them to improve their security is a major challenge, but it needs to be tackled. The solution demands a fresh approach to SME security, including more appropriate advice, standards and incentives. The research report makes a number of recommendations, which are now being pursued by a working group of ISSA-UK, as well as by a number of government agencies.