From the global WannaCry hack attack to Uber revealing a breach in November, it’s easy to see why every small-business owner should make protecting their data a priority
You don’t have to look far to find reasons to beef up your cybersecurity. When not even high-tech companies like Uber or government organisations like the NHS can’t avoid being breached, it’s easy to see why it’s important to ensure data doesn’t fall into the wrong hands. And with the General Data Protection Regulation (GDPR) coming into force in May, business leaders better move quickly as failing to protect or destroy sensitive data could land them a hefty £20m fine.
However, while firewalls can offer some protection, every successful cybersecurity strategy puts employees at its centre. Even though they may be your strongest asset, they are also your company’s weakest link. Not only are they often the target of social engineering attacks, but they can also become a liability offline unless effective policies are put in place.
For instance, a recent survey by Fellowes, the office-product specialists, highlighted that employees are not taking data protection seriously despite the financial risks to their employers. According to the study, 20% of UK office workers never shred documents, with 40% of employees admitting they often throw client data straight into the bin. A further 27% of people admitted to having left confidential papers in fax machines, photocopiers and scanners. Additionally, one in ten confessed to leaving confidential papers in meeting rooms or on their desktops.
Given this level of negligence, it’s hardly surprising that the last year has seen numerous occasions when sensitive information has been found in public areas. Not only were confidential child protection documents found blowing around a street in Leicester but private police documents have also been found in a park in Bath.
Commenting on the need to protect data, Darryl Brunt, UK sales and marketing director at Fellowes, said: “Despite the impending GDPR deadline, our research shows that many companies don’t appear to have systems and policies in place to protect sensitive information. It’s essential for businesses to have robust procedures in place to protect personal and confidential documents – including the secure shredding of obsolete sensitive paperwork.”
Fortunately, small-business leaders can protect themselves from being breached and being penalised under the GDPR by following a few simple steps.
The first step is to conduct sensitive information audits. This review would look at the best ways to manage records, protect sensitive information and destroy confidential documents. It also needs to assess the efficiency of your existing data protection protocols and identify any cost savings that can be made.
A second step is to set up an audit team that is dedicated to ensure your company upholds the standard put forward by the GDPR. Bringing together heads of department can ensure new data policies trickle down to employees in different areas of the business.
A third step is to train and re-train staff on data protection. Make sure all your employees are fully up-to-date with data protection laws ahead of new GDPR.
Add signage to shared workspaces and send weekly update emails to remote-workers highlighting GDPR risk.
Don't leave documents behind: Remember to check for any materials you might have left behind after working in public places.
Another important step is to make sure to destroy any confidential documents - from sales figures to CVs -you don't need. Ensure all employees have access to shredders.
This article comes curtesy of Fellowes, the office-product specialists.