The Information Commissioner’s Office has also published a guide to IT security for small businesses to aid compliance with the Data Protection Act. The guide advises risk assessment and a layered approach to security including physical security, anti-virus and anti-malware products, well configured firewalls, strong passwords, employee awareness and training, segmenting network components, use of well-written policies and hardening devices, eg: removing unused software. Encryption is recommended for data held on mobile devices which should have remote disabling or wipe facilities. Software should be kept up-to-date and personal data needed for archive purposes moved to more secure locations. IT outsourcing contractors should be audited. If you would like a copy of the guide please drop me an email -firstname.lastname@example.org.