Information Security 5 Years On: Insights from the 2015 Security Tracker Survey
Shred-it’s fifth annual Security Tracker research study is out! This year we have surveyed over 1,000 businesses in the UK to see what companies - from small enterprises to large corporations - are doing to protect their data and prevent a damaging security breach.
The survey reveals that despite a gradual improvement in information security awareness over the past five years, this awareness is just not translating into action for UK businesses,
Both small and large businesses claim to be following data security laws, with 98% of C-suites and 88% of SMEs saying that they’re up to speed with legal data protection requirements. However if this is the case, then why do almost a third of SMEs (27%) not have a protocol in place for storing, keeping and disposing of confidential data?
Shred-it’s Security Tracker results reveal that businesses are simply not following through with the necessary actions needed to protect their business from data security breaches. Businesses need to realise that by not taking action, they are putting customer and employee information at risk which could damage their company’s reputation and threaten existing business partnerships.
So where are businesses going wrong?
Not enough businesses are conducting regular information security audits. Just over half of C-suites (56%) and fewer than a third of SMEs (28%) conduct regular audits with a further 27% of SMEs admitting that they have no protocol in place. While this is progress among large businesses, it’s worrying that not enough SMEs have these protocols in place - and the ones that do, aren’t conducting regular checks to ensure they are actually being followed.
Are you an SME currently supplying a larger business? Did you know that some C-suites review the security protocols of the businesses they work with, so it’s good business sense to make sure your information security protocols are up to scratch!
Information disposal methods are also a weak spot for businesses, particularly among SMEs. Over a third of C-suites (35%) say they have a locked console in the workplace to store confidential information prior to disposal, as well as the services of a professional information destruction firm, compared to only 11% of SMEs.
It’s also concerning that only 10% of SMEs think that a data breach would seriously impact their organisation. Despite SMEs claiming to be ‘very aware’ of legal requirements, they are not so aware of the overall impact of lost or stolen data on their business, which would lead to financial loss and reputational damage.
How can SMEs kick-start their data security?
To reduce the risk of a security breach, our survey highlighted that SMEs need to take information security planning more seriously and:
conduct more frequent data security audits
train staff on information security procedures, including regular updates
safely dispose of unwanted confidential information
It’s time for UK businesses to take action before it’s too late. If you're not sure that your business is doing everything necessary to prevent an information security breach, check out our guide to fraud prevention to help with your information security planning.
Join the conversation on information security with Shred-it on Twitter @Shredit_UK