Most Small UK Businesses Have No Security Oversight

Smaller UK businesses typically don’t assign an employee to be responsible for information security education and implementation—and are becoming fraud victims as a result.

As detailed in its State of the Industry report, appropriately named information destruction expert Shred-it has found that nearly half (46%) of small business owners have no employee responsible for managing data security issues internally. Even more concerning, more than a quarter (27%) of small businesses do not have information security policies and procedures in place at all.

And a third of those who do have policies in place admit to never training their employees on their protocols.

If data security is not made a priority, businesses are left exposed to data breaches, fraud, heavy legal fines from the Information Commissioner’s Office (ICO) and other regulatory bodies, and loss of customers and business partners—all of which can cause irreversible damage.

Since April 2010, the ICO has issued over £7 million worth of fines to organizations that have experienced a data breach. Despite such high figures and the irreversible damage to a company’s reputation as a result of a breach, businesses are still not doing enough when it comes to data security, the report concluded.

In addition to appointing a data protection officer, companies can reduce the risk of workplace fraud by implementing a few best practices. One is surprise audits: conducting unscheduled workplace audits to assess how employees process, store and destroy confidential information.

Frequent training on the risks of fraud and how to prevent it is also important, along with education about the vulnerable areas, in the office and off-site, where confidential information should not be left.

Shred-it is also calling on the UK government to implement legislation to ensure all businesses have a dedicated employee responsible for raising awareness of the importance of data security, understanding changes to legislation and enforcing data security procedures in the workplace.

“There is a strong correlation between data security practices and data breaches. Introducing legislation which mandates an employee specifically responsible for raising awareness of data security in the workplace and implementing a ‘culture of security’, will help protect businesses against fraud and help them avoid financial or legal penalties,” said Robert Guice, SVP, EMEA, Shred-it.

To ensure all companies in the UK follow similar standards in data protection compliance, Shred-it has also urged the government to introduce legislation which ensures organizations have dedicated employees responsible for managing and monitoring data security issues on a day-to-day basis.

Photo © alexskopje
