Human error the biggest security risk

Australian businesses view human error as a larger threat to information security than deliberate theft or sabotage from a third party.

That’s the view according to information security company Shred-it’s second annual Australian Information Security Tracker study, which surveyed more than 1100 businesses.

The survey shows that businesses are at risk of damaging data breaches caused by human error due to inconsistent knowledge of information security risks and poor implementation of security policies and protocols.

Human error or accidental loss by an employee is identified as the biggest source of a potential data breach, with 38% of C-Suite executives and 46% of small business owners recognising this as an area of concern.

Despite this, 29% of small and medium-sized businesses (SMEs) and 5% of larger organisations said they had either never trained their staff on information security policies or didn’t have these policies in place.

A further 33% of SMEs said they had no documents that would cause their business harm if stolen, despite the fact that all businesses deal with confidential information such as employee records, customer information and other personal, financial and proprietary company data.

“The issue of employee error is understandably a large concern to businesses in Australia,” said William White, national sales manager of Shred-it Australia.

“Deceptively simple actions such as leaving paperwork containing client information on your desk or throwing old invoices in the recycling bin could potentially have a damaging impact on any organisation.

Leaked confidential information can not only hurt a company’s reputation but also put them on the wrong side of the law, added White.

“Businesses must understand the responsibility they have to ensure their employees fully understand how to handle and dispose of information,” he said. “An educated workforce is one of the first steps to ensuring your organisation is protected from data thieves.”

Physical security a bit better

When it comes to disposing of confidential information in a physical format, larger organisations are more inclined to have a formal policy for shredding documents prior to disposal compared to SMEs.

Additionally, large organisations are three times (45%) more likely than SMEs (15%) to invest in external services for disposing of confidential information, with improved safety and security cited as the most common reason.

Additionally, while 82% of large organisations and 63% of SMEs claim to be auditing their organisation’s information security procedures or protocols at least once per year, a staggering one-quarter of small business owners claim to be rarely or never doing this.

Implementing policies, such as a clean desk policy in the workplace, and ensuring staff are trained on these will ensure that staff are not leaving documents in plain sight while away from their desk and are disposing of all sensitive information securely.

However, this is not a widespread practice, with only 23% of SMEs having a formal policy, compared to 48% of larger organisations.

“The Shred-it 2016 Security Tracker demonstrates the urgent need for all Australian businesses to closely evaluate their organisation’s policies and to implement protocols, such as a clean desk policy and Shred-it All policy, to ensure that their confidential information remains secure and they do not put themselves at risk of a damaging data breach,” White said.