LONDON, July 8, 2014 /PRNewswire/ --
- With Photo
Businesses in the UK are putting customers and employees' confidential information at risk by not correctly disposing of electronically-stored information, the UK's largest secure information destruction firm has warned today.
(Logo: http://photos.prnewswire.com/prnh/20140708/656540-INFO )
New research from Shred-it reveals that a third of SMEs (32%) say they have never disposed of redundant electronic devices containing confidential information, while a further 35% do it less than once a year. Additionally, despite recent high-profile cyber security breaches at major firms based in the UK, more than half (51%) do not have a cyber-security policy implemented in the workplace.
The information destruction firm calls on all businesses in the UK to consider the risks posed by inadequate disposal of electronic storage devices, which could lead to fines of up to £500,000 being imposed by the Information Commissioner's Office (ICO), as well as significant reputational damage following a breach.
"Technology is moving quickly and businesses in the UK need to keep up with this threat to their information security from electronic equipment such as laptops, hard drives and USBs. Unused or old equipment left sitting in offices offers a goldmine of sensitive information for data thieves. Companies need to seriously consider the damage to reputation if client or employee data is exposed," warns Robert Guice, Executive Vice President Shred-it EMEA.
According to the fourth annual Security Tracker survey, which examined both electronic and paper-based information, even though more SMEs are starting to realise that a data breach would have some impact on their business, fewer than half (46%) could correctly identify the potential financial penalty for breaching the Data Protection Act. Additionally, a fifth of them (21%) also believe they possess no documents that would cause their business harm if stolen, despite the vast array of commonly-held information that should be treated as confidential - from employee records to client invoices.
Ambivalence towards data protection regulation
This survey found that the lack of knowledge regarding what constitutes sensitive data also translates to ambivalence towards data protection regulation. Two in five SMEs (41%) and their larger counterparts (42%) say they don't know if they would encourage stricter data protection laws in the UK even though this would help protect the confidential information of their clients and employees. Tellingly, a third of SME business owners (31%) say that the UK government's commitment to information security needs improvement.
"Laws are in place to take care of sensitive information therefore it's a worrying trend that knowledge of this regulation is not increasing. SMEs in particular feel the Government needs to do more to educate and inform on this important topic. We call on the Government to place more emphasis on this to help put information security at the top of the agenda," said Mr Guice.
Key findings on the effectiveness of policies
While more SMEs (68% up from 60% in 2013) are saying they have some sort of existing protocol for storing or disposing of confidential data, 14% still do not know if one exists within their company. Furthermore, a quarter of SME business owners (24%) have never conducted an audit of their information security procedures and protocols to see if they are working effectively, highlighting potential security risks from inadequate policies.
Additionally, while two in five SMEs (40%) have a policy for off-site work and working from home, a similar number (37%) have no policy in place for either, which is a worrying trend given flexible working is becoming more common, particularly around school holiday periods.
The report also reveals:
Notes to Editors
About the survey:
Ipsos MORI is one of the largest and best known research companies in the UK and a key part of the Ipsos Group, a leading global research company. With a direct presence in 60 countries our clients benefit from specialist knowledge drawn from our five global practices: public affairs research, advertising testing and tracking, media evaluation, marketing research and consultancy, customer satisfaction and loyalty.
Ipsos Mori conducted a quantitative online survey of two distinct sample groups: 1,005 Small business owners in UK (all of which have fewer than 100 employees), and 102 C-suite executives working for businesses in the UK with a minimum of 250 employees.
The fieldwork was conducted 28 April - 5 May 2014.
About Shred-it (http://www.shredit.co.uk)
Shred-it is the world's largest secure information destruction company with a fleet of over 2,000 trucks, operating in over 140 markets throughout 18 countries, employing 5,000 dedicated Partners, and serving over 300,000 clients.
Shred-it has branches in the following UK and Ireland locations: Belfast, Birmingham, Cardiff, Chippenham, Dublin, Edinburgh, Exeter, Glasgow, Leeds, London - Brentford, London - Stratford, Manchester, Milton Keynes, Newcastle, Nottingham, Portsmouth and Preston.
A picture accompanying this release is available through the PA Photowire. It can be downloaded from http://www.pa-mediapoint.press.net or viewed at http://www.mediapoint.press.net or http://www.prnewswire.co.uk.
For further information contact:
Sonali Makanji
Weber Shandwick
Phone: +44(0)20-7067-0349
Email: smakanji@webershandwick.com
Share this article