May 30, 2016
UK companies are leaving themselves open to data theft as attention and resources shift towards tackling online risks such as cyber crime, and away from physical data security.
Research from Shred-it’s latest annual Information Security Tracker conducted by the independent research body Ipsos, found that 22% of C-suite executives and 40% of small and medium enterprise (SMEs) business owners perceive online threats as the biggest risk to their organisation in the next 5-10 years.
However, this ignores the more immediate risk from the loss of physical data, for example confidential paper documents or electronic storage devices such as USBs. Around a third of C-Suites expect the volume of paper used in their organisation to increase over the next five years, meaning more paper-based confidential information is likely to be produced and potentially left open to breaches.
Businesses need to act
Both C-Suites and SMEs also stated that the most likely source of a data breach today would be internal human error rather than deliberate sabotage by an external source. This emphasises the risk faced by organisations if they do not prioritise physical data security among their employees.
Why is this concerning? More than a third of SMEs (35%) have no policy in place for the storage and disposal of confidential data. And whilst the majority of C-Suites (70%) do have such a policy in place, almost a third (28%) say not all employees are aware of it! The absence of a policy that is followed by all employees could seriously impact a business through the risk of data loss, information security breaches and data protection legislation breaches if confidential information is kept longer than required or is not stored correctly. Firms that do have a policy need to take steps to train their staff to understand what documents are confidential and how to manage them securely.
Is flexible working increasing the risk?
The survey also identified that an increase in flexible working practices may be leaving the door open to potential security issues. While almost all C-suites and just over half of SMEs say that at least some of their employees adopt flexible/offsite working models, only 41% of C-suites and 32% of SMEs have policies in place for both off-site working and working from home. The risks surrounding flexible working practices include the loss of information through the increased threat of laptop and mobile device theft, the improper disposal of confidential documents through negligence and the difficulty of monitoring employees’ activity outside of the office.
The Government’s role
Over a third of SMEs said the Government’s commitment to information security needed improvement and a further 12% deemed it abysmal, highlighting that the Government needs to take action and help educate particularly smaller organisations about their information security responsibilities.
Over half of C-Suites said the Government’s response was mostly good but could be better, although 18% percent agreed it ‘needed improvement’ or was ‘abysmal’. The Government may yet need to take steps to improve its response, with further legislative changes expected at a European level over the next two years.
What can be done to minimise the risks?
The Government, security experts and UK businesses need to work together to educate and increase awareness of the effects of both cyber security and physical data security risks. Here are some tips and resources to help get you started in your organisation: