November 19, 2015

Risks of Lack of Responsibility over Information Security

Did you know that businesses in the UK lose £18.9 billion each year as a result of fraud? Fraud is one of the many damaging consequences that could arise from a data breach and may do some serious harm to your organisation if you’re not prepared.  If the right data security measures are put in place, your business, employees and customers will be better protected against fraud.

Where are businesses going wrong?

Worryingly, businesses are unwittingly placing themselves at risk by not prioritising data security in the workplace.

Our latest State of the Industry report  reveals that more than a quarter (27%) of small businesses do not  have information security policies and procedures in place, and a third of those who do, admit to never training their employees on these protocols.

The report also found that 46% of small business owners admit to having no employee responsible for data security within their organisation, meaning that information about fraud prevention and data security may not be filtering through to employees – despite 36% of SMEs claiming that they have data security training in place.

What needs to be done?

Business, both large and small, need to appoint a Data Security Officer in their workplace to be responsible for creating a culture of security in the workplace, helping raise awareness of information security and how it could possibly lead to fraud among all employees. For this initiative to be rolled out across workplaces in the UK, changes need to be made to current government legislation.

This year, Shred-it is an official International Fraud Awareness Week supporter and to mark the event, Shred-it is calling on the UK Government to put in place legislation to ensure all businesses have a dedicated employee responsible for raising awareness of the importance of data security, understanding changes to legislation and enforcing data security procedures in the workplace.

 While the government is yet to make such changes, here’s what you can do to help your employees improve their fraud awareness:

  • Surprise audits: Conduct unscheduled workplace audits to assess how employees store and destroy confidential information.
  • Employee training: Frequent training on the risks of fraud and how to prevent it.
  • Education: Educate employees about vulnerable areas to leave confidential information in the office and off-site.
  • Remain vigilant: Teach employees how to identify the behaviours associated with workplace fraudsters and to report anything suspicious!
  • Introduce a shred-it all policy: Enforcing a shred-it all policy means all documents are destroyed prior to disposal or recycling, helping to ensure confidential information does not fall into the wrong hands through human error. 

More tips on how to prevent fraud in the workplace can be found on Shred-it’s resource centre.