A new survey conducted by Ipsos MORI for one of the UK’s leading experts in information security, Shred-it, has revealed that inadequate staff training is posing a huge threat to the integrity of small and medium sized businesses across the country.
The findings reveal that whilst 24 percent of SME owners realise that employee oversights – such as leaving sensitive information in highly accessible locations – constitute the most significant risk to their business, 27 percent of them have failed to put vital security procedures in place.
Anything from payslips to staff or client records can hold data that could seriously compromise a company’s financial and legal position as well as their reputation, but the survey found that a worrying 32 percent of business owners are unaware of what qualifies as confidential data, believing that they hold nothing that could pose a threat.
“Small businesses need to step up and take responsibility for ensuring that everyone in their organisation is aware of the sensitive data they hold. Putting in place protocols on how to deal with confidential information, or even adopting a 'shred-all' policy that all staff are aware of, is essential for SMEs to protect their businesses." says Robert Guice, Executive Vice President of Shred-it EMEA.
It seems that larger companies are far more likely to train employees on information security protocols; Shred-it claims that 36 percent of C-Suite executives provide regular data security training compared to just 11 percent of SMEs.
This is a damning comparison given that, in the past five years alone, The Information Commissioner’s Ofiice (ICO) has issued over £7 million in fines to companies that have suffered significant data breaches.