Implementing and enforcing data security protocols can help an organisation maintain trust with both internal and external stakeholders. Key to this is employee engagement.
Yet Shred-it’s 2014 Information Security Tracker, an independent study carried out by Ipsos Mori, discovered that fewer than half of the UK’s large businesses and fewer than two thirds of SMEs train their staff on information security procedures on a regular basis (once a year or more).
Reputation is an important asset – a powerful, yet intangible and fragile one that serves as a magnet, attracting attention and often new business. While most businesses work hard to build and maintain a positive reputation with stakeholders, many underestimate how severely a data breach could undermine these efforts, potentially causing clients, staff and the wider public to lose trust in the organisation and inflicting long-term damage on the brand. With this in mind, the protection of business, employee and customer information should be of vital concern to all organisations.
All over the news
Data breach incidents are never far from the news – whether it’s hackers accessing eBay accounts or government officials leaving documents on a train. According to the Ponemon Institute’s 2014 Cost of a Data Breach study, 40 per cent of data breaches suffered by UK companies occur as a result of negligence, making it the leading cause. So it follows that implementing proper information security and data destruction protocols that are understood and adhered to by all employees is essential in protecting against identity theft and the reputation damage that can result from a security breach.
However, further results from our 2014 Security Tracker reveal that, regardless of size, organisations are not doing enough to make information security part of their business culture. In particular, almost a third of larger companies (32%) said either that their employees didn’t have a protocol to refer to, that they had one but not all staff were aware of it, or that they were not aware that one existed. Furthermore, nearly a third of SMEs (30%) said they did not have anyone in their business who was specifically responsible for managing data security issues.
There is also a worrying gap between the management discipline of putting people and protocols in place and actually making sure information is secure. In the UK, nearly a quarter of SMEs (24%) surveyed for the 2014 Security Tracker admitted that they never audit their information security procedures and protocols. The equivalent figure for larger organisations was – perhaps even more surprisingly – not much better at 23 per cent.
Data theft can occur when employees leave documents or electronic devices — such as old computers or memory sticks — unsecured, or dispose of them via non-secure recycling or general waste streams. Fraudsters have become increasingly determined and will retrieve confidential data through means such as looking into dustbins (often referred to as ‘bin raiding’) or hacking ‘wiped’ hard drives. This means that companies need to make sure that not only are they safely storing data, but that they are educating their employees on how best to securely dispose of it as well.
With identity theft and security breaches making headlines regularly, consumers are keenly aware of how easily personal information can be compromised and have the expectation that the organisations entrusted with their information are taking proactive measures to protect their confidential data.
How can your company prevent it?
The bulk of data breaches, whether malicious or accidental, happen internally within an organisation. As such, an information security policy is only as strong as the employees who adhere to it. As fraud and identity theft continue to be a reality in today’s business world, it is crucial for organisations to take proactive measures against these threats in order to maintain stakeholder trust.
When assessing whether your organisation has effectively cultivated a culture of security, here are some useful questions you may want to ask yourself:
· Does my organisation have the facilities and resources necessary to ensure that confidential information is protected?
· Are information security policies clear, easy to understand and effectively communicated to all employees?
· Does the company have an employee who manages and takes responsibility for data security issues – and ensures that all policies are strictly followed?
· Are employees regularly and thoroughly trained on data protection and privacy regulations and the importance of protecting sensitive information?
If the answer to any of these questions is ‘no’, there is a very real danger that employees will fail to understand the importance of following information security protocols, potentially putting your business and your customers at serious risk of data breaches and fraud.
It is the responsibility of every organisation, large and small, to take proactive steps to ensure that client and company information is adequately safeguarded. In doing so, a business protects not only its clients but also its reputation — and potentially even its very existence.
To learn more about data security issues that affect all UK businesses, visit Shred-it’s online Resource Centre, which provides a wealth of advice and information.