The branch that you searched for does not have a page in your preferred language. Would you like to visit the branch page on the #CODE# site?
Protect your business from an information breach with a regularly scheduled paper shredding service.
Boxes and filing cabinets stuffed with old documents? Get our one-off document destruction service.
Storing or just erasing obsolete hard drives could cost you millions in a data breach. Let us securely destroy your electronic data.
Confidential information can be found on more than paper: we destroy CD-ROMs, USB drives, and data tapes.
From uniforms to identity cards, speciality shredding destroys information wherever it’s found.
Help your business prepare for The General Data Protection Regulation (GDPR) with our GDPR Awareness workshop.
Get a Quote
Back To Resource Centre
In this issue, we will discuss how effectively British businesses are protecting confidential information and what businesses of all sizes can do to improve their security practices and protocols.
When it comes to information security, businesses may not be doing as well as they think in protecting their and their clients’ confidential information. Earlier this year, Shred-it commissioned a survey called the Information Security Tracker to find out if British businesses are doing enough to protect their own confidential information as well as the their client’s information. The survey asked large and small businesses to share their attitudes, protocols and practices towards information security. The results of the survey demonstrated that there are businesses of all sizes that are not making information security a priority. The question is: who is doing more to protect client and business data – large or small businesses? Or, is business size not a factor in proper information security procedures? In order to gain an understanding of who is more on top of document security, we will look at how big and small businesses responded to relevant questions from the 2012 Information Security Tracker.
When asked if they were aware of the legal requirements of storing, keeping or disposing of confidential data in their industry, 95 percent of large businesses admitted to being at least somewhat aware of the requirements, while only 77 percent of small businesses could say the same. This brings a question to mind – if a business is not at least somewhat aware of what is legally required of them, how can they ensure they are taking the proper precautions?
While it’s essential that businesses know what is compulsory from a legal perspective, an information security policy is not effective unless it is shared with all staff. The survey asked respondents if their company had a known and understood protocol for storing and disposing of confidential data. Again, large businesses demonstrated that they understand the significance of awareness as it relates to information security – 92 percent said they had a protocol, while only 58 percent of small businesses said they had a protocol in place.
For employees working at any given company, having knowledge of their organisation’s data security policies is vital. At the same time, it’s possible that an employee may be trained on these procedures when hired but then never given subsequent training. The Information Security Tracker sought to find out more about how often companies are training employees on relevant security procedures.
Only 10 percent of large businesses and 8 percent of small businesses train their staff twice a year, while a fair number train on an annual basis (36 percent of large businesses compared to 10 percent of small businesses). Many companies opt to only train on an ad hoc or as-needed basis (50 percent of large businesses compared to 31 percent of small businesses); however, a number of organisations provide training only once during their staff’s employment (21 per cent of large businesses compared to five per cent of small businesses).
One step that can help an organisation ensure that these policies are communicated to staff is to appoint an employee to be directly responsible for managing data security issues. Few large businesses surveyed (19 per cent) have an individual filling this role, while only five per cent of small businesses have designated an employee to fill this position.
Data breaches have the potential to cause serious implications for businesses of any size, including a loss of money, reputation, clients and more. In an effort to learn more about how seriously businesses consider breaches, the survey asked: in the event that data from your company was lost or stolen, how would this impact your business? Large businesses seemed to understand the complications that could arise as a result of a breach, as only 23 percent of large businesses indicated a data breach would not seriously affect their business. Small businesses were less likely to recognize the severity of a breach with 60 percent answering the same.
As technology continues to advance, organisations need to be aware that there are increasingly more items containing sensitive data. In the survey, businesses were asked how they dispose of aging or obsolete computers (or other data-storing electronics such as smartphones or photocopiers) that are no longer used. A relatively equal number of large and small businesses answered that they simply recycle these items (5 percent of large businesses compared to 15 percent of small businesses) along with erasing, wiping or degaussing contents then recycling (72 percent of large businesses compared to 52 percent of small businesses). With both of these methods, sensitive information could potentially be retrieved – the best way to ensure data is not recovered is to have the hardware fully destroyed– something that only 23 percent of both of large businesses small businesses are doing.
Data breaches may seem like they are not a source of concern for businesses that have not been affected by one. However, reforms to the EU Data Protection Directive, which were set out by the EU Justice Commissioner Viviane Reding earlier this year, see more powers being given to national data protection authorities so they can better enforce the EU rules at home. In the UK, this would mean the Information Commissioner’s Office being empowered to fine companies up to either €1 million (£837,106) or two per cent of the global annual turnover. Eighty per cent of large businesses are aware of these proposals while under half of small businesses had the same response (40 per cent).
The Information Security Tracker revealed that large businesses overall seem to be more on top of their procedures; however, it also showed that there are organisations of all sizes that have gaps in their policies and there are areas for improvement. It is crucial to be vigilant when seeking ways to safeguard data. In order to strengthen their data security measures, businesses should consider the following tips:
Consider holding regular training sessions for all employees on proper information security procedures
Appoint an individual or committee responsible for managing data security procedures
Conduct an annual information security audit and risk assessment to identify potential sources of data loss
Establish a shred-all policy that is communicated to all employees
Ensure that all pieces of obsolete technology are fully destroyed or crushed so that information cannot be recovered
To learn more about Shred-it services or to book your FREE security assessment. Visit www.shredit.co.uk
You can also visit Shred-it on Facebook and LinkedIn or follow us on Twitter at @Shredit_uk.
Fill out the form or call 0800 197 1164 to start protecting your business today!