You might think businesses in Australia fear data breaches caused by offshore hackers, malware or outright scams. But it turns out most view human error as a larger threat to information security than deliberate theft or sabotage from a third party.
Human error or accidental loss by an employee is identified as the biggest source of a potential data breach. Despite this, almost a third of small and medium-sized businesses and five per cent of larger organisations said they had either never trained their staff on information security policies or didn't have these policies in place.
A further third said they had no documents that would cause their business harm if stolen, despite the fact that all businesses deal with confidential information such as employee records, customer information and other personal, financial and proprietary company data.
These results came from global information security company Shred-it’s second annual Australian Information Security Tracker study, based on responses from more than 1,100 businesses in Australia.
"The issue of employee error is understandably a large concern to businesses in Australia," said William White, National Sales Manager, Shred-it Australia. "Deceptively simple actions such as leaving paperwork containing client information on your desk or throwing old invoices in the recycling bin could potentially have a damaging impact on any organisation."
"Leaked confidential information can not only hurt a company's reputation but also put them on the wrong side of the law. Businesses must understand the responsibility they have to ensure their employees fully understand how to handle and dispose of information. An educated workforce is one of the first steps to ensuring your organisation is protected from data thieves."
When it comes to disposing of confidential information in a physical format, larger organisations are more inclined than small or medium businesses to have a formal policy for shredding documents prior to disposal.
Additionally, large organisations are three times more likely to invest in external services for disposing of confidential information, with improved safety and security cited as the most common reason.
Whilst 82 per cent of large organisations and 63 per cent of small or medium businesses claim to audit their organisation's information security procedures or protocols at least once a year, a staggering one quarter of small business owners claim to rarely or never do this.
Implementing policies, such as a Clean Desk policy in the workplace, and training staff on them will ensure that staff do not leave documents in plain sight whilst away from their desks and that they dispose of all sensitive information securely. However, this is not a widespread practice, with only 23 per cent of small to medium businesses having a formal policy, compared to 48 per cent of larger organisations.