IT security experts appear to be fighting a losing battle to educate businesses about the need for data protection.

This is despite the alarming blunder by HM Revenue and Customs officials who lost the banking details of everyone who receives child benefits.

Tony McDowell, director of IT security specialists encription, said he was horrified and yet not surprised to hear of the breach.

"Under the Data Protection Act 1998, businesses and organisations have a legal obligation to protect data stored on their IT system but situations such as this are still a common occurrence because these companies are failing to take adequate steps to protect themselves against this kind of incident," he warned.

"We've been endeavouring to educate businesses as to the many security threats that they face, but it seems that we are fighting a losing battle.

"While it is the larger organisations which tend to make the headlines, smaller businesses are more commonly the ones which take the attitude that it won't happen to them but it probably already has; all businesses are at risk from cyber criminals, regardless of their size or turnover.

"The good news is that there are a number of ways you can protect yourself, including encrypting data, securing your websites, IT systems and wi-fi networks and providing adequate training to all employees about their responsibilities relating to the safe transmission, handling and disposal of information."

The British Security Industry Association also says that companies should be learning lessons about the importance of protecting confidential information.

"Compliance with the Data Protection Act is imperative for every business," saids BSIA information destruction section chairman, Anthony Pearlgood.

"By contravening the requirements of the Act and not sufficiently protecting confidential information, businesses run the risk of prosecution by the Office of the Information Commissioner.

"Ensuring that confidential information is disposed of responsibly is an essential part of compliance with the data protection legislation."

He added: "The BSIA has produced a Security Waste Audit which will help businesses assess whether their waste is being disposed of securely.

"The Association advises engaging the services of a BSIA information destruction company to shred all confidential material. By making sure that you have confidential waste disposal procedures in place, you will protect not only your business, but also your customers from the risk of identity fraud."

Meanwhile, specialist firm Converged Solutions says the problem of securely eradicating data held on redundant storage devices is cropping up more and more.

Director Kevin Foster said: "We are all aware of how important it is to keep information secure. Secure storage is one area, but what happens when this information is no longer needed? Compliance with legislation requires today's businesses to be compliant, safe and to provide a secure method of eradicating data held on redundant storage devices. Total data destruction is the only answer."