UK businesses are putting themselves at risk of fraud resulting from a security breach by not assigning an employee to be responsible for information security education and implementation within their organisation. So says an information destruction contract company.
Nearly half (46 per cent) of small business owners have no employee responsible for managing data security issues a Shred-it survey, by Ipsos MORI found, compared to just 8pc of C-suites. More than a quarter (27pc) of small businesses do not have information security policies and procedures in place; a third of those who do admit to never training their employees on these protocols, according to the firm’s report.
This year, Shred-it is an International Fraud Awareness Week supporter (November 15 to 21) and to mark that, the firm is calling on the UK Government to implement legislation to ensure all businesses have a dedicated employee responsible for raising awareness of the importance of data security, understanding changes to legislation and enforcing data security procedures in the workplace.
Robert Guice, Senior Vice President EMEA, Shred-it, said: “There is a strong correlation between data security practices and data breaches. Introducing legislation which mandates an employee specifically responsible for raising awareness of data security in the workplace and implementing a ‘culture of security’, will help protect businesses against fraud and help them avoid financial or legal penalties.”
Since April 2010, the Information Commissioner’s Office (ICO) has issued over £7m of fines to organisations that have experienced a data breach, the contract firm points out. Despite such totals and the damage to a company’s reputation as a result of a breach, businesses are still not doing enough when it comes to data security, it is claimed.
To ensure all companies in the UK follow similar standards in data protection compliance, Shred-it urges the Government to introduce legislation which ensures organisations have dedicated employees responsible for managing and monitoring data security issues on a day-to-day basis. If data security is not made a priority, businesses are left exposed to data breaches, fraud, heavy legal fines from the ICO and other regulatory bodies, and loss of customers and business partners – all of which can cause irreversible damage, according to the contractor. Visit www.shredit.co.uk.
