Small Business Leaders Urged to Prioritise Data Security Training as a First Line of Defence Against Workplace Fraud

LONDON, November 13, 2017 /PRNewswire/ --

• 47% of small businesses that have suffered a data breach say it was the result of deliberate theft or sabotage, yet the number of UK SMEs saying they have no information security training policies in place has risen 10% in two years, says Shred-it.

With small businesses more exposed to data security threats than ever before, Shred-it is calling upon UK SMEs to take action to combat fraud within the workplace this International Fraud Awareness Week.

Emerging technology has helped SMEs take advantage of new business opportunities, but has also presented fresh opportunities for fraudsters. Malicious or criminal attacks are now the primary root cause of data breaches. The average cost to remedy such breaches totalled £2.48 million in 2017^[1].

In addition, with six months to go until the General Data Protection Regulation (GDPR) is enforced, it is more important than ever before for small businesses to understand the risks. Failing to do so could expose SMEs to punitive fines in the face of a fraudulent data breach, as the new regulation tightens the rules governing data security and increases the maximum penalty for infringements. Despite this, Shred-it's 2017 Security Tracker found that an alarming 84% of UK small business owners are completely unaware of the forthcoming legislation.

SMEs are a prime target for fraudsters because their security systems are generally not as robust as those of larger enterprises. According to Shred-it's latest Security Tracker, 47% of small businesses that have suffered a data breach say it was the result of deliberate theft or sabotage.

Mobile technology and smart devices, which enable employees to work remotely, have also opened an additional avenue for cyber fraudsters to access corporate data. And further findings from Shred-it's 2017 Security Tracker show how the threat is exacerbated, with more than half of small business owners (55%) admitting they do not monitor the frequency at which employees remove confidential information from the office.

Training employees on data security matters is a valuable solution. However, Shred-it's 2017 Security Tracker found that 41% of SMEs in the UK have no policy in place for training employees on information security procedures - a 10% increase from 2015.

Neil Percy, VP Market Development & Integration EMEAA, Shred-it, commented: "Information security training still sits low on the list of business priorities for most small companies. However, as we reach the six-month countdown to the GDPR, it is vital to ensure employees are trained to protect both their own information, as well as information belonging to colleagues, customers and other stakeholders."

"Action must come from the top - executives and managers should foster a culture of security among their employees by being proactive when it comes to data security. Training should also be refreshed on a regular basis."  

Ahead of the six-month countdown to the General Data Protection Regulation (GDPR), Shred-it has developed six essential data security tips for employees to help in the fight against fraudulent data breaches:

1. Encourage your colleagues to adopt a Clean Desk Policy. That means locking away all information when you're away from your desk to hide it from prying eyes.
   
2. Educate your co-workers on the most vulnerable areas within the workplace. The printer area, for example, is a hotbed for sensitive information. Ensure your colleagues get into the habit of collecting their printing immediately.
   
3. Encourage your team to only take documents from the workplace if absolutely essential when working remotely. Flexible and mobile working is essential, but information must be treated with the same care when out of the office.
   
4. Check your office shredder. If one of your colleagues has responsibility for shredding documents using one of these machines, it may not be as secure as you think. They often strip-shred documents meaning they can be easily reconstructed by widely-available scanning software. And documents are often left unsecured while awaiting shredding.  A specialist service using cross-shredding technology is more secure.
   
5. Implement a Shred-it All Policy, where ALL paper is securely destroyed prior to recycling, eliminating the risk of human error as individuals are not left to determine which documents should be considered confidential.
   
6. Conduct a risk audit to take stock and document exactly how your data is processed, stored, retrieved and destroyed. If you haven't already, introduce risk assessments which identify areas where an individual's personal data could be most at threat. Last year alone, Shred-it's Certified Information Security Professionals conducted more than 5,000 workplace data security surveys in the UK, helping businesses understand their information security risks.

About Shred-it 
Shred-it is a world-leading information security company providing information destruction services that ensure the security and integrity of our clients' private information. Shred-it, a Stericycle solution, operates in 170 markets throughout 18 countries worldwide, servicing more than 400,000 global, national and local businesses. For more information, please visit http://www.shredit.co.uk.

1. IBM Ponemon Institute 2017 Cost of Data Breach UK Study