Case Studies

Shredding survey

by msecadm4921

Small and medium-sized enterprises (SMEs) in the UK are not taking basic precautions to protect confidential data because they still do not believe that losing private information will have any impact on their business, according to new independent research commissioned by Shred-it, a UK document destruction company.

 

 

Despite the threat of crippling fines and severe reputation damage, over half (59.8pc) of the small and medium-sized companies surveyed for the second annual Shred-it Security Tracker said they did not believe that the loss or theft of data from their organisation would any impact on their business, up a worrying 10 per cent from the 2011 survey.  

 

“This year’s findings are particularly worrying, as they show SMEs becoming increasingly lax about information destruction as they just do not see any consequences for poor security procedures”, says Robert Guice, Executive Vice President, EMEA, Shred-it.  

 

This lack of concern could be the reason why over one-third of SMEs (35.4pc) admitted that they had no protocols in place for the storage and disposal of confidential data, over three quarters of our respondents (76.6pc) either do not provide any training for employees on company information security procedures (26.6pc), or do so only on an ad hoc basis (50pc).

 

The survey among 1,004 UK SMEs, undertaken by IPSOS MORI, also revealed a possible reason for the sector’s lack of concern about information security.  Nearly a quarter of SMEs(23.1pc) admitted to being not very or not at all aware of the legal requirements for storing, keeping or disposing of confidential data in their industry.  This compares poorly with businesses with more than 250 employees where 94pc of those responding said they were aware in some form of the Data Protection Act.  

 

“What we are seeing is a lack of awareness of the legal requirements, and complacency about the likelihood of being prosecuted and fined for breaching them, really coming through into a worrying lack of control over the way information is stored and disposed of by small and medium-sizes enterprises”, Robert Guice added.  

 

According to the Information Commissioners Office’s (ICO) annual report, there was a 21 per cent decrease in the number of data protection cases received between 2009 and 2011 and a 9 per cent decrease in the number of cases closed. This suggests that more needs to be done to combat data protection breaches by both the private and public sector in the UK. 

 

The report also suggests:

 

Nearly half of SMEs (46.4pc) said they did not have anyone specifically responsible for managing data security issues

12.8 per cent of UK SMEs have no provision in place to shred sensitive documents

822 SMEs in our survey (81.9pc) use an in-house shredding machine, but of those  almost three quarters (72.2pc) do not have anywhere secure to store documents before being shredded

Just 5.4 per cent of SMEs use a professional shredding company compared to 43 per cent of larger firms (those with over 250 employees)

 

Electronic storage

 

With more information being stored in electronic form, it is equally worrying that nearly three out of every four SMEs (77.4pc) could be giving away private information to fraudsters by not properly disposing of or destroying hard drives.  Over ten per cent (12.8pc) of respondents do not know how their business disposes of old computers and other electronic devices and a further 14.4 per cent simply recycle them with no attempt to remove or destroy the information kept on them.  

 

Beyond SMEs

 

Larger firms (with more than 250 employees) say that they are aware of the legal framework protecting sensitive and confidential information in this country with 94 per cent of those responding to our survey saying they were aware of the UK Data Protection Act as enforced by the Information Commissioners Office.  As a result nearly all have protocols in place to manage information securely and around half train their staff on these protocols at least once a year.  

 

However, there is a worrying gap between the management discipline of putting people and protocols in place and actually making sure information is secure.  For all the good intentions of the larger companies surveyed, 28pc still do not provide any secure places for sensitive documents to be stored before being put through an in-house shredding machine and 78.9pc admitted to not safely destroying electronically stored information on hard drives in PCs, laptops, USBs or smartphones.   

Related News

  • Case Studies

    Web application attacks

    by Mark Rowe

    Vulnerabilities in web applications have enabled hackers to damage diplomatic relations, access lists of patients at plastic surgery clinics, and steal from…

  • Case Studies

    Press-ups completed

    by Mark Rowe

    Employees from Incentive Lynx Security completed a 10,000 press-up charity challenge at King’s Cross Station on Friday, March 28. The team of…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing