Why SMEs should have data protection concerns
Small businesses are putting confidential information at risk according to a new study, yet nearly nine in ten claim to be aware of their legal requirements.
Research from Shred-it suggests that 88% of SME business owners claim to be aware of the need to carefully manage data but less than a third are actually carrying out information security audits.
This is potentially putting the private data of both their own firms, and that of their suppliers and other clients, at risk.
It might be encouraging that so many firms are aware of their responsibilities but if it does not actually translate into any physical actions then they could still be under threat.
Not only could existing relations with other businesses be damaged but any issues could cost large amounts of finance to put right.
Just 27% of firms have the necessary protocols in place to adequately store or dispose of sensitive or confidential data, according to the study.
Many SMEs were also found to be unaware of the potential implications to business that can arise from not having the right processes in place
Only 10% of small businesses believe that a data breach would have a severe impact on their firm, yet there are a number of possible legal, reputational and financial repercussions.
A similar situation exists among C-suite executives – those holding chief positions with major firms –too, as 98% claim to be aware of legal requirements yet just 56% carry out any actions or security work.
Awareness among this group is increasing at a faster rate than among SMEs though, as 37% of C-suite recognise the potential risks attached to poor security.
Many problems surrounding data security can be easily managed with proper staff training into security procedures, regular security audits and by using safe methods relating to the disposal of information.
According to figures from the Ponemon Institute, the average data breach can cost more than £2.3 million, yet only 5% of SMEs voiced concerns relating to the possibility of severe financial losses.
However, even losses on a smaller scale than those noted above could still leave a small firm facing the threat of business insolvency.
Taking decisive actions relating to data and security is therefore vital to securing the long term future of firms, especially among those in the IT sector or who rely on similar types of services.
By Phil Smith