Learn how to proect your business from security breaches
Why small British businesses need to be more concerned over the impact of a potential information breach
In this issue we will take an in-depth look at new insight into the security habits and attitudes of small and medium sized businesses operating in Britain.
Start Download
The results from the independent survey – the Shred-it Information Security Tracker - conducted by Ipsos Reid and commissioned by Shred-it across Britain indicates that while small British business operators may understand the legal requirements of keeping information secure, many are failing to recognise the potentially devastating effects that a breach could have on their own business.
Given that the renowned Ponemon Institute estimates that a data breach costs, on average, £4.5 million to be put right1, the fact that half of all British businesses surveyed believe that their business would not be seriously impacted in the event that data from the company was lost or stolen. The unnerving fact however, is that if the correct procedures and protocols are not followed, a breach could very well occur to any business, be it large or small.
1. Being compliant - is your business aware of legal data security policies?
Ensuring that an organisation is compliant with legal requirements regarding data destruction policies is a basic necessity for any business but the research highlighted that that over a fifth (22 per cent) of firms classify themselves as either 'not at all aware' or 'not very aware' of their legal responsibility to keep secure confidential information relating to staff and customers.
So what can British organisations do to increase their awareness around legal data security policies? Some first steps to consider are:
- Stay informed – country legislation can change – a great resource is the Information Commissioner's Office’s site.
- Make sure you have formal information security policies in place; train your employees to know the policies well and follow them rigorously.
- Make sure you have formal information security policies in place; train your employees to know the policies well and follow them rigorously.
- Limit the number of people who handle confidential documents. Be careful when hiring new employees. Perform full reference checks and background checks and, where warranted, ask your new hires to sign confidentiality agreements.
- Demonstrate a top-management commitment to the total security of your business and customer information.
2. Implementing document destruction policies and protocols
Just half (48 per cent) of firms polled were able to confirm that they had undertaken a review of their secure document destruction processes during the last 12 months and, remarkably, a further 37 per cent conceded that they had either never reviewed these processes (21 per cent) or did not know when or if a review had been undertaken.
In order to avoid the risk of a data security breach it is important that small organisations implement information security policies and protocols:
- Introduce a “shred-all” policy that means all unneeded documents are fully destroyed on a regular basis.
- Conduct a periodic information security audit.
- Don’t overlook hard drives on computers or photocopiers. Erasing your hard drive does not mean that the data is gone. Physical hard drive destruction is proven to be the only 100 per cent secure way to destroy data from hard drives.
- Hire a reliable vendor that is well-informed and keeps you compliant with pertinent legislation, training requirements etc. Finding a vendor that provides you with a certificate of destruction upon completion is ideal.
3. 3. Training your employees on document destruction procdures
Ensuring that an organisation is compliant with legal requirements regarding data destruction policies is a basic necessity for any organisation and the research found that more than two thirds of British SMEs 68 per cent either never train their employees on company information security procedures and protocols (30 per cent), or do so only on an ad hoc basis (38 per cent).
Safeguarding data does not need to be an onerous task and there are simple steps any organisation of any size can take to minimise its risk factor. These include:
- Securely shredding confidential data - not simply placing it in recycling bins.
- Having a locked confidential paper receptacle in your office will ensure that no one has access to sensitive documents after they have been disposed.
- Limit physical access to storage closests and online access to sensitive or confidential files
By taking such steps and regularly reviewing security policies, organisations large and small can protect themselves from the significant long-term impact of a data breach. If staff are not aware that there are policies and procedures in place, mistakes may occur, which could prove potentially fatal to the future of the business.
YOUR FREE SECURITY CONSULTATION
To learn more about Shred-it services or to book your FREE security assessment, visit the Shred-it website.
1 http://www.symantec.com/about/news/release/article.jsp
Start Download