BCS produces IT security guidance

Louise Bennett
Louise Bennett says everyone has to to do their bit

BCS, the Chartered Institute for IT, is publishing a free guide to IT security for small businesses, with a warning that it is often overlooked.

It is producing the advice following the publication of research by the Department for Business, Innovation and Skills that shows an increasing number of smaller businesses have been hit by security breaches.

Louise Bennett, Chair of BCS Security, explains: "Security is for all businesses, but it often gets overlooked by SMEs as they don't necessarily have an IT department to support it. However, it's a myth that security is only the responsibility of the IT department; every employee is responsible for the organisation's security.

"Attacks can arise from a wide variety of sources including human error, a deliberate attack by an outsider or a malicious attack by a disgruntled member of staff. The IT department may well set out the security issues, but it's actually important that everyone plays their role in implementing these simple measures."

The BCS guidance breaks down into three areas. The first is to educate all employees to "think security", which involves policies for passwords, the use of the internet and social media, and teaching them to spot and deal with phishing and spam emails.

The second is to manage equipment and reduce risk through measures such as following the ISO 27001 model for security policy, deploying firewalls, subjecting a network to a penetration test, securing wireless routers and deploying a proxy server between internal and external network resources.

The third deals with data protection and includes classifying data for confidentiality and criticality, and ensuring that employees understand their role. The BCS says its Personal Data Guardianship Code can help in this respect.