The regulator says many firms still underestimate the risk of data loss and fraud to their businesses and the impact it could have on consumers.
Director of financial crime and intelligence Philip Robinson says firms should be encrypting laptops and transferring data via secure internet links to third parties.
He also says financial details should be masked where they are not necessary for staff to do their jobs and a senior manager should be appointed with overall responsibility for data security.
Robinson adds that many small firms are too reliant on compliance consultants to meet their regulatory obligations.
He says: “Many compliance consultants don’t understand the importance of data security within firms and at the end of the day it is the firm’s responsibility to ensure they have adequate systems and controls in place.”
The warning follows an FSA review of data security at 39 firms including banks, building societies, insurance companies and financial advisers.
Robinson says data security is a key priority for the FSA and it will visit a random sample of 200 firms to assess their security systems and ensure adequate measures are in place.
The FSA will publish a fact sheet to assist senior management at small firms in understanding their data security responsibilities.