UK businesses are putting themselves at risk of fraud resulting from a security breach by not assigning an employee to be responsible for information security education and implementation within their organisation,warns information destruction specialist, Shred-it.
According to a recent Shred-it survey nearly half (46 per cent) of small business owners have no employee responsible for managing data security issues, compared to just eight per cent of C-suites. Even more concerning, the results revealed more than a quarter (27 per cent) of small businesses do not have information security policies and procedures in place; a third of those who do admit to never training their employees on these protocols, according to Shred-it’s Security Tracker 5.0.
As an official supporter of Fraud Week which took place 15-21 November, Shred-it is calling on the UK government to implement legislation to ensure all businesses have a dedicated employee responsible for raising awareness of the importance of data security, understanding changes to legislation and enforcing data security procedures in the workplace.
Robert Guice, senior vice president EMEA, Shred-it commented:
“There is a strong correlation between data security practices and data breaches. Introducing legislation which mandates an employee specifically responsible for raising awareness of data security in the workplace and implementing a ‘culture of security’, will help protect businesses against fraud and help them avoid financial or legal penalties.”
Since April 2010, the Information Commissioner’s Office (ICO) has issued over £7 million worth of fines to organisations that have experienced a data breach. Despite such high figures and the irreversible damage to a company’s reputation as a result of a breach, Shred-it claims that businesses are still not doing enough when it comes to data security.