Since the introduction of GDPR last year, the way in which businesses and their employees handle sensitive information has come under intense scrutiny.
The potential consequences of mishandling data in the workplace are severe. Yet research suggests that across the country millions of workers are being slack with sensitive company information, putting the businesses they work for at risk of a data breach.
To put this in perspective, according to a recent survey we commissioned at Shred-it, nearly a fifth of office workers in the UK admit to making a catastrophic error at work by leaving sensitive information lying around or losing something important.
Furthermore, as a result of a mistake at work which led to a security concern, 40 per cent have had to go through a disciplinary process, and a staggering 23 per cent have even lost their job.
These results suggest that SMEs need to take a far more proactive approach to data protection.
So, what can businesses do?
First things first. Business leaders must stay up-to-date with privacy laws and understand what action – if any – they need to take to comply, particularly post-Brexit. The Information Commissioner’s Office website provides clear guidance on this.
It’s also important to remember that data protection covers both digital information and paper records.
For digital data, companies can take simple steps to ensure they comply with GDPR, including setting secure usernames, passwords and PINs for all devices, installing anti-virus software and a firewall on hard drives, avoiding posting confidential information on social media, avoiding the sharing of files on public Wi-Fi, and avoiding opening files or links from an unknown sender.
As with digital data, companies should also have strict internal procedures in place to deal with the protection of their confidential information. Important documents containing personal information left on printers, desks and in bins are also a compliance risk. Inadequate long-term storage of paper documents, such as archives with unrestricted access, is a key point of vulnerability.
Best practice should include providing locked confidential information consoles that are easily accessible and introducing clean desk policies for everyone to follow in the company.
Businesses should also arrange for the secure destruction of documents after use or after prescribed periods of mandated storage, keeping only digital copies of essential files in an encrypted format.
However, above all else, businesses must have a strict policy on data protection that is communicated clearly across the organisation and updated whenever necessary, in order to avoid a potential breach and the disastrous repercussions that may follow.
By Ian Osborne
Ian Osborne is Vice President for UK & Ireland at Shred-it, the information security specialist.