How to avoid data breaches? Start by addressing human error
Small businesses in the UK are failing to train staff on how to correctly identify and dispose of confidential information, which could lead to a costly data breach.
A Shred-it survey conducted by Ipsos MORI found that although 24% of SME owners claim that human error, such as leaving sensitive information on desks, poses the biggest security risk to their organisation, 27% do not have information security policies and procedures in place. A third of those who do admit to never training their employees on these protocols.
Even more concerning is the fact that 32% of small business owners are unaware of what constitutes confidential data, saying that they possess no information that would cause their business harm if stolen. However, every business in the UK holds confidential data – from payslips to meeting agendas and employee or client records – that could lead to damaging financial, legal and reputational repercussions.
“Leaving documents on a desk or throwing a payslip in the bin could pose a huge risk to an organisation. But how can business owners expect their staff to understand how to deal with confidential information if they can’t even identify what is confidential?” said Robert Guice, Executive Vice President, Shred-it EMEA.
He added, “Small businesses need to step up and take responsibility for ensuring that everyone in their organisation is aware of the sensitive data they hold. Putting in place protocols on how to deal with confidential information, or even adopting a ‘shred-all’ policy that all staff are aware of, is essential for SMEs to protect their businesses.”
Since April 2010, the Information Commissioner’s Office (ICO) has issued over £7 million worth of fines to organisations that have experienced data breaches. This is costing businesses millions of pounds, but despite such high figures, SMEs are still not doing enough to safeguard themselves against breaches from within their organisation. Investing in workplace training is key to ensuring that SMEs do not suffer costly fines which could cause irreversible financial damage.
C-Suite executives are much more likely than SME owners to train their staff on information security protocols, with 36% of C-Suite executives providing frequent data security training (twice a year or more frequently) compared to only 11% of SME owners. This regular data security training highlights that large businesses are more prepared and aware than their SME counterparts when it comes to preventing and identifying data security risks and avoiding financial penalties in the process.