June 22, 2012
More than one-third of SMEs (35.4%) admit that they have no protocols in place for the storage and disposal of confidential data, according to new research commissioned by Shred-It.
The Information Security Tracker survey was carried out by Ipsos Mori across the UK, the United States and Canada with 1,004 SMEs asked about their data protection practices.
The survey showed that more than half (59.6%) of the SMEs surveyed said they did not believe that the loss or theft of their data would have any impact on their business — up 10% from the 2011 survey.
While 81% of respondents use an in-house shredding machine, data stored on electronic devices is not protected by 12% of firms that simply recycle their old computers with no attempt to remove or destroy the information on them. In addition, 76.6% either do not provide any training for employees on company information security procedures or do so only on an ad hoc basis (50%)
As a result, the report suggests that nearly three out of every four SMEs (77.4%) could be giving away private information to fraudsters by not properly disposing of or destroying hard drives.
The survey also shows that many small firms are unaware of the legal aspects of data protection. 14.8% of SMEs admit that they are not aware of the legal requirements for storing, keeping or disposing of confidential data in their industry. And 23.2% are not aware of the key piece of legislation in this area, the Data Protection Act (DPA).