Lack of responsibility over information security putting UK businesses at risk of fraud

UK businesses risk huge financial losses as a result of fraud.

  • 9 years ago Posted in
UK businesses are putting themselves at risk of fraud resulting from a security breach by not assigning an employee to be responsible for information security education and implementation within their organisation, the UK’s leading information destruction expert, Shred-it, has warned.
 
Nearly half (46%) of small business owners have no employee responsible for managing data security issues a Shred-it survey conducted by Ipsos MORI found, compared to just 8% of C-suites. Even more concerning, more than a quarter (27%) of small businesses do not have information security policies and procedures in place; a third of those who do admit to never training their employees on these protocols, according to Shred-it’s State of the Industry report. 
 
This year, Shred-it is an official Fraud Week supporter and to mark the event, Shred-it is calling on the UK Government to implement legislation to ensure all businesses have a dedicated employee responsible for raising awareness of the importance of data security, understanding changes to legislation and enforcing data security procedures in the workplace.
 
“There is a strong correlation between data security practices and data breaches. Introducing legislation which mandates an employee specifically responsible for raising awareness of data security in the workplace and implementing a ‘culture of security’, will help protect businesses  against fraud and help them avoid financial or legal penalties,” says Robert Guice, Senior Vice President EMEA, Shred-it.
 
Since April 2010, the Information Commissioner’s Office (ICO) has issued over ?7 million worth of fines to organisations that have experienced a data breach. Despite such high figures and the irreversible damage to a company’s reputation as a result of a breach, businesses are still not doing enough when it comes to data security.
 
To ensure all companies in the UK follow similar standards in Data Protection compliance, Shred-it urges the Government to introduce legislation which ensures organisations have dedicated employees responsible for managing and monitoring data security issues on a day-to-day basis. If data security is not made a priority, businesses are left exposed to data breaches, fraud, heavy legal fines from the ICO and other regulatory bodies, and loss of customers and business partners - all of which can cause irreversible damage.
 

In addition to appointing a Data Protection Officer, companies can reduce the risk of workplace fraud by following these all important tips:
·         Surprise audits: Conduct unscheduled workplace audits to assess how employees process, store and destroy confidential information.
·         Employee training: Frequent training on the risks of fraud and how to prevent it.
·         Education: Educate employees about vulnerable areas to avoid leaving confidential information in the office and off-site.
·         Remain vigilant: Teach employees how to identify the behaviours associated with workplace fraudsters and to report anything suspicious!
·         Introduce a shred-all policy: Enforcing a Shred-all policy means all documents are destroyed prior to disposal or recycling, helping to ensure confidential information does not fall into the wrong hands through human error. 
Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...