Australia observes Privacy Awareness Week – PAW – this week, which promotes and raises awareness of privacy protection issues and the importance of protecting personal information. The Office of the Australian Information Commissioner – OAIC – is reminding individuals and businesses about ‘Privacy in your hands,’ and their responsibility to protect personal information.
New research shows that privacy protection is an area that needs more attention from SMEs. The Shred-it 2016 Security Tracker research, conducted on behalf of Shred-it by Ipsos, which consists of responses from over 1100 Australian businesses, reveals that SMEs lag behind their larger counterparts when it comes to understanding information-security requirements and implementation of good privacy protection practices.
Privacy at risk
Deceptively simple actions, such as leaving paperwork containing client information on your desk or throwing old invoices in the recycling bin, could potentially have a damaging impact on your organisation. Leaked confidential information can not only hurt a company’s reputation but also put them on the wrong side of the law.
The research shows that Australian SMEs are at risk of damaging data breaches due to inconsistent knowledge of information security risks from everyday workplace behaviours and poor implementation of security policies and protocols. It reveals that:
Information security policies necessary to minimise risks
A staggering one quarter – 25% – of SMEs claim to rarely or never audit their organisation’s information-security procedures or protocols.
Implementing policies, such as a clean desk and Shred-it All, in the workplace, and ensuring staff are trained on these, will minimise the risk of staff leaving documents in plain sight whilst away from their desk or not disposing of all sensitive information securely. However, this is not a widespread practice, with only 23% of SMEs having a formal clean desk policy.
The research also revealed a lack of understanding and education among SMEs on the broader implications of a data breach:
There is an urgent need for SMEs to understand the responsibility they have towards private information of their business, customers and employees.
Keeping confidential data secure must be a key business priority and all employees must fully understand their role in handling information and disposing of it at the end of its useful life. An educated workforce is one of the first steps to ensuring your organisation is protected from data thieves.
Not sure where to start? In Part 2 next week, we will share tips on how to protect the privacy of your business.
William White, National Sales Manager, Shred-it Australia