UK businesses are putting themselves at risk of fraud resulting from a security breach by not assigning an employee to be responsible for information security education and implementation within their organisation, the UK’s leading information destruction expert, Shred-it, has warned.
Nearly half (46%) of small business owners have no employee responsible for managing data security issues, a Shred-it survey conducted by Ipsos MORI found, compared to just 8% of C-suites. Even more concerning, more than a quarter (27%) of small businesses do not have information security policies and procedures in place; a third of those who do admit to never training their employees on these protocols, according to Shred-it’s State of the Industry report.
This year, Shred-it is an official Fraud Week supporter and to mark the event, Shred-it is calling on the UK Government to implement legislation to ensure all businesses have a dedicated employee responsible for raising awareness of the importance of data security, understanding changes to legislation and enforcing data security procedures in the workplace.
“There is a strong correlation between data security practices and data breaches. Introducing legislation which mandates an employee specifically responsible for raising awareness of data security in the workplace and implementing a ‘culture of security’, will help protect businesses against fraud and help them avoid financial or legal penalties,” says Robert Guice, Senior Vice President EMEA, Shred-it.
Since April 2010, the Information Commissioner’s Office (ICO) has issued over £7 million worth of fines to organisations that have experienced a data breach. Despite such high figures and the irreversible damage to a company’s reputation as a result of a breach, businesses are still not doing enough when it comes to data security.
To ensure all companies in the UK follow similar standards in Data Protection compliance, Shred-it urges the Government to introduce legislation which ensures organisations have dedicated employees responsible for managing and monitoring data security issues on a day-to-day basis. If data security is not made a priority, businesses are left exposed to data breaches, fraud, heavy legal fines from the ICO and other regulatory bodies, and loss of customers and business partners - all of which can cause irreversible damage.
In addition to appointing a Data Protection Officer, companies can reduce the risk of workplace fraud by following these all-important tips:
· Surprise audits: Conduct unscheduled workplace audits to assess how employees process, store and destroy confidential information.
· Employee training: Frequent training on the risks of fraud and how to prevent it.
· Education: Educate employees about vulnerable areas to avoid leaving confidential information in the office and off-site.
· Remain vigilant: Teach employees how to identify the behaviours associated with workplace fraudsters and to report anything suspicious!
· Introduce a shred-all policy: Enforcing a Shred-all policy means all documents are destroyed prior to disposal or recycling, helping to ensure confidential information does not fall into the wrong hands through human error.