The Information Commissioner's Office (ICO) has called for a dedicated security standard and certification process for small and medium sized businesses in order to improve their security posture.
The data protection watchdog made several recommendations in a newly published review (PDF) into the availability of security related advice for SMEs, designed to address what it sees as "large areas of gaps and overlaps".
"The ICO recognises that SMEs will not have the technical expertise that many larger businesses have at their disposal," said an ICO spokesperson.
"Many small businesses use personal information, and we recognise that SMEs need practical and concise guidance to help them comply with the law and handle personal information appropriately."
The review argued that advice for SMEs is not where they would normally try to find it, and that sites such as Business Link, the British Chambers of Commerce and the Federation of Small Businesses should show visitors the way to other sites containing more comprehensive information.
"Supply chain pressure from big customer organisations is a small but growing driver. Unfortunately, it encourages demands for the adoption of standards and practices that were not originally designed for small companies," the review noted.
"The absence of a simple security standard and certification process, perhaps including a self-certification mechanism, is a major barrier for SMEs wishing to implement security."
Should you link your data sets to add value, or leave them separate to reduce risk?
Can process camera images in real-time at up to 171 frames per second
Graphene and Kevlar used to make 'the world's toughest' shoes
Ecostress instrument will provide new insights into water usage and plant health on Earth