SMEs cannot afford to neglect proper data security practices in the workplace, especially since the introduction of GDPR in May. A recent report by the Zurich SME Risk Index found that 1 in 6 UK SMEs had been affected by cyber attacks in the past year, costing many of those impacted thousands of pounds. Despite this very real threat, the report also found that 49% of SMEs have allocated less that £1,000 a year toward preventing data breaches. The stark contrast between the potential severity of these cyber attacks and the few measures taken by UK companies paints a worrying picture in 2018.
One reason why smaller enterprises fail to protect themselves from data breaches is because of a lack of knowledge in regards to best practice. Here are some of the everyday data security improvements that can make a real difference when implemented in the workplace.
Monitor your physical documents
Though businesses are increasingly gravitating towards storing their essential documents digitally, many forget the potential risks posed by leaving physical documents in open view. A report published by the Information Commissioner's Office (ICO) in 2016 showed that 40% of data security incidents in the UK were related to paperwork.
With this in mind, SMEs should look to organise their documents thoroughly in order to track their location and status later on. Investing in a lockable storage cabinet, self-storage facility, or third-party company that specialises in the storage of sensitive information, for instance, is always a good idea. This allows people to arrange documents in a way that makes sense to them (i.e. by date or topic) while also restricting who has access to the data.
Another top tip is to spot potential places where a breach could occur – before the worst happens! One of the most common areas where documents are left unattended is in printer trays. Employees often accidently leave pages in these areas, making companies vulnerable to data theft by anyone who happens to be passing by. Checking these obvious – but often missed places – s a simple yet effective way to prevent data security incidents and can either be assigned to one member of staff or implemented as a general office policy.
SMEs should also consider creating a clean desk policy, whereby employees are required to leave their workspaces empty at the end of the day. This limits the possibility of data falling into the wrong hands.
Destroy your documents properly
Although it might be tempting to throw away paper documents or old hardware, a golden rule is to always securely destroy anything that contains confidential information on it. In fact, it’s the law! This could include employee NI numbers, client bank details or even corporate strategies – anything that could potentially be damaging to you and/or your customers.
SMEs, in particular, are likely to choose the route of throwing away old documents, based on the false beliefs that only larger companies are at risk of data breaches and that anything taken to landfill is secure. In fact, people looking to obtain a company’s private data often choose smaller businesses and startups who are less likely to have stringent measures in place.
One easy thing that SMEs can do is to invest in a high-grade office shredder, or a third-party company that can shred your documents either on or off-site. This ensures better protection all round, as there’s no risk of paperwork being put back together. It’s also good for the environment, as the paper can be recycled, and frees up valuable office or storage space.
Store your files digitally
In the long-term, every SME should look to transfer their physical documents online; this will result in fewer pieces of paper going missing – or being accidentally destroyed. A ‘digital first’ or ‘digital only’ approach also gives you greater control over who has access to your data and for how long.
Some SMEs may be put off by this as it can be a lengthy process to have to scan every piece of important paperwork. However, the end result will be an online space where your files can be retrieved in a matter of seconds, which ultimately saves time!
Educate employees about data security
As the old adage goes, ‘a chain is only as strong as its weakest link’. Similarly, any data security policies that SMEs implement are useless if employees do not have a solid understanding of data protection. Without training, best practices will fall apart and leave companies exposed.
Consider organising 1-to-1 sessions, small group workshops or creating online resources that people can access. The more your employees can police themselves, the less you and your managerial team have to do.
These are just some of the practices that SMEs can put in place to improve their overall data security. However, it’s important to stress that data security is constantly evolving; laws get changed and new ones introduced, and hackers are always finding new ways to exploit sensitive information, which businesses need to be prepared to react and find solutions to.
Lloyd Williams is founder and chairman of information management company Shredall SDS Group