10 July 2014
SMEs are four times as likely to have a secure document disposal console in-office in 2014, according to the fourth annual Security Tracker survey by Ipsos Mori.
But more than three-quarters of SMEs have either a recycling or waste bin at their employees' workspace - creating a danger that confidential information will be disposed of in the wrong place, says the study carried out on behalf of secure information destruction firm Shred-it.
The report, which examined both electronic and paper-based information, states that even though more SMEs are starting to realise that a data breach would have some impact on their business, fewer than half (46 per cent) could correctly identify the potential financial penalty for breaching the Data Protection Act.
Additionally, a fifth of them (21 per cent) also believe that they possess no documents that would cause their business harm if stolen, despite the vast array of commonly held information that should be treated as confidential - from employee records to client invoices.
While more SMEs (68 per cent up from 60 per cent in 2013) say they have some sort of existing protocol for storing or disposing of confidential data, 14 per cent still do not know if one exists within their company. Furthermore, a quarter of SME business owners (24 per cent) have never conducted an audit of their information security procedures and protocols to see if they are working effectively, highlighting potential security risks from inadequate policies.
Additionally, while two in five SMEs (40 per cent) have a policy for off-site work and working from home, a similar number (37 per cent) have no policy in place for either - a worrying trend given that flexible working is becoming more common, particularly around school holidays.
Robert Guice, executive vice-president Shred-it EMEA, said: "Technology is moving quickly and businesses in the UK need to keep up with this threat to their information security from electronic equipment such as laptops, hard drives and USBs. Unused or old equipment left sitting in offices offers a goldmine of sensitive information to data thieves. Companies need to seriously consider the damage to reputation if client or employee data is exposed."