Australian SMBs at risk due to poor data security

Australian small and medium businesses are placing themselves at risk due to the way they approach and dispose of confidential information, according to information security company Shred-it.

SMBs are lagging behind larger enterprises in terms of their understanding and implementation of data security policies, research conducted by Shred-it shows.

The research shows that just two-thirds of SMEs have known protocols for storing and disposing of data, compared to 93% of larger organisations. In addition, half of companies revealed that not all employees are aware of these policies.

Just 50% of SMEs formally check their suppliers’ security policies, compared to 90% of large organisations.

“Whilst most Australian SMEs are aware of the legal requirements around storing information, the [research] revealed the urgent need for SMEs to more closely evaluate their organisations’ policies and implement steps to match the policies of large businesses in the market,” Shred-it Australia GM Eric Konicki said.

“It is important that businesses of all sizes understand the value of information and the implications of confidential information falling into the wrong hands.”

The research also shows that 38% of Australian SMEs do not know what impact new legislation regarding document destruction would have on their policies.

Shred-it recommends that Australian companies of any size should implement formal information security policies and train employees to strictly follow them. Companies should also consider a shred-all policy to remove decision-making over what is or isn’t confidential data.

Other recommendations include conducting periodic information security audits and ensuring old hard drives containing confidential data be physically destroyed.

Image courtesy of Sh4rp_i under CC