New research reveals that 24 per cent of UK SME owners believe human error is their biggest security risk.
The Shred-it survey, which was conducted by Ipsos MORI, also found that 27 per cent of SMEs do not have information security policies and procedures in place. A third of those who do admitted to never training their employees on these protocols.
What’s concerning is the fact that a third of small business owners are unaware of what constitutes confidential data, saying that they possess no information that would cause their business harm if stolen.
Every business in the UK holds confidential data – from payslips to meeting agendas and employee or client records – that could lead to damaging financial, legal and reputational repercussions, says Shred-it.
"Employee error is understandably a big concern for UK small business owners. Leaving documents on a desk or throwing a payslip in the bin could pose a huge risk to an organisation. But how can business owners expect their staff to understand how to deal with confidential information if they can’t even identify what is confidential?” said Robert Guice, Executive Vice President, Shred-it EMEA.
"Small businesses need to step up and take responsibility for ensuring that everyone in their organisation is aware of the sensitive data they hold. Putting in place protocols on how to deal with confidential information, or even adopting a ‘shred-all’ policy that all staff are aware of, is essential for SMEs to protect their businesses."
Shred-it is calling on SME owners to implement workplace training for all employees to eliminate the risk of a data breach, with the aim of enabling staff to spot and prevent potential human error-related slip-ups before a data security breach occurs.
To ensure that employees know what to look for when spotting data security risks in the workplace, Shred-it advises small business owners to follow these tips:
– Schedule regular information security audits to identify problem areas – and solutions.
– Introduce a shred-all policy, which means all documents are destroyed prior to disposal or recycling.
– Keep an inventory of all information that needs to be protected.
– Schedule on-going training so employees understand best practices for protecting confidential information in and out of the workplace.
– Ensure employees are informed about the risks associated with data protection breaches and are well trained on which documents they should consider shredding and how to dispose of electronic data.
Image source: Shutterstock