A security shredding service contract company is calling upon UK SMEs to take action to combat fraud within the workplace during International Fraud Awareness Week.
With months to go until the EU-wide General Data Protection Regulation (GDPR) is enforced across the European Union including the UK regardless of the Brexit referendum, SMEs could face fines in the face of a fraudulent data breach, as the new regulation tightens the rules governing data security and increases the maximum penalty for infringements. Despite this, Shred-it’s 2017 Security Tracker found that some 84pc of UK small business owners are completely unaware of the forthcoming legislation.
The firm says that SMEs are a prime target for fraudsters because their security systems are generally not as robust as those of larger enterprises. According to Shred-it’s latest Security Tracker, 47pc of small businesses that have suffered a data breach say it was the result of deliberate theft or sabotage.
Mobile technology and smart devices, which enable employees to work remotely, have also opened a avenue for cyber fraudsters to access corporate data. And further findings from the Tracker suggest how the threat is exacerbated, with more than half of small business owners (55pc) admitting they do not monitor the frequency at which employees remove confidential information from the office.
Training employees on data security matters is a valuable solution. However, the Tracker found that four in ten, 41pc of SMEs in the UK have no policy in place for training employees on information security procedures – a 10pc increase from 2015.
Neil Percy, VP Market Development and Integration EMEAA, Shred-it, says: “Information security training still sits low on the list of business priorities for most small companies. However, as we reach the six-month countdown to the GDPR, it is vital to ensure employees are trained to protect both their own information, as well as information belonging to colleagues, customers and other stakeholders. Action must come from the top – executives and managers should foster a culture of security among their employees by being proactive when it comes to data security. Training should also be refreshed on a regular basis.”
Shred-it offers six data security tips for employees against fraudulent data breaches:
1. Encourage your colleagues to adopt a Clean Desk Policy. That means locking away all information when you’re away from your desk to hide it from prying eyes.
2. Educate your co-workers on the most vulnerable areas within the workplace. The printer area, for example, is a hotbed for sensitive information. Ensure your colleagues get into the habit of collecting their printing at once.
3. Encourage your team to only take documents from the workplace if essential when working remotely. Flexible and mobile working is essential, but information must be treated with the same care when out of the office.
4. Check your office shredder. If one of your colleagues has responsibility for shredding documents using one of these machines, it may not be as secure as you think. They often strip-shred documents meaning they can be easily reconstructed by widely-available scanning software. And documents are often left unsecured while awaiting shredding. A specialist service using cross-shredding technology is more secure.
5. Implement a Shred-it All Policy, where ALL paper is securely destroyed prior to recycling, eliminating the risk of human error as individuals are not left to determine which documents should be considered confidential.
6. Conduct a risk audit to take stock and document exactly how your data is processed, stored, retrieved and destroyed. If you haven’t already, introduce risk assessments which identify areas where an individual’s personal data could be most at threat. Last year alone, Shred-it’s Certified Information Security Professionals conducted more than 5,000 workplace data security surveys in the UK.
