The Web hosting provider Hostway UK (www.hostway.co.uk) announced on June 6 the results of its recent report that shows that over 50 percent of UK’s SMEs could be in danger of breaching the 1998 Data Protection Act. The report surveyed 121 UK SMEs and showed that although 94 percent of the respondents understood the importance of IT security in compliance with the Data Protection Act, 59 percent were still at risk from non-compliance because of the security risks associated with poor server configuration. Additionally, 59 percent of businesses said they were using default configurations when setting up servers, while nearly 47 percent of SMEs admitted to not regularly auditing the services they have running on their servers.
Most SMEs store personal data on their servers, and must therefore follow the eight principles of the DPA that were enforced to ensure that data is handled correctly. The seventh principle of the DPA calls for SMEs to set processes and procedures in place to protect the personal information they hold about individuals, including information kept on websites and related servers.
Rob Lovell, CEO of Hostway UK, said that by installing and leaving services running that are not being used, businesses are essentially leaving doors into the server open, therefore compromising data security, that with personal details residing on most servers, one can easily see how so many SMEs are at risk of breaching the DPA, and that this simply isn't acceptable, if an SME is found guilty of breaching the act not only will its reputation suffer but it could also suffer financial penalties.
