From handling paperwork to secure IT disposals, UK firms seem to be behind their US counterparts when it comes to maintaining data security. Is there a reason for this?
First, there is a greater focus on training for data security in US firms according to the latest Security Tracker from Shred-it, which describes itself as the UK’s leading information security company. Based on research carried out by Ipsos, the 2018 Security Tracker reveals that only 37% of UK firms train their staff in information security policies and procedures – such as secure IT disposal – twice or more a year, compared to 50% of firms in the US.
What is more, despite remote working being recognised as an increasing trend, UK firms are failing to educate their employees about secure remote working as thoroughly as their US counterparts. For example, while most US companies (81%) train their employees about the importance of safeguarding sensitive information when working offsite, only 57% of UK firms do the same. In addition, devices taken offsite are sometimes lost or stolen and therefore cannot be covered by a secure IT disposal programme. Despite the potential data breach, only 65% of UK firms train their employees to report such occurrences, compared with 73% in the US.
Information security also goes beyond the data stored on computers, which can often be protected through secure practices and secure IT disposals for end-of-life equipment. Paper documentation can also be of concern, yet the US again leads the UK in giving staff training in appropriate ways to store and securely dispose of confidential paper documents, with 78% and 71%, respectively. US firms are also doing more to help their staff understand the legal requirements when dealing with confidential information, with 88% of firms providing training compared to 78% in the UK.
Ian Osborne, Shred-it’s Vice President for UK & Ireland, commented on the findings:
“In almost every arena studied, more of America’s large companies consider themselves to have a good data security posture than British counterparts – be it policies, procedures, trainings or audits. Even given the more demanding regulatory landscape in Europe around data security, clearly British businesses have ground to make up on American companies.”
A recent report from digital security firm Gemalto has also pointed to UK firms falling behind other European countries when it comes to cloud-based security. The report, “2018 Global Cloud Data Security Study”, indicates that not all companies are treating their cloud-based services with the same security. For example, many companies are wary about storing sensitive information like payment details on the cloud, preferring instead to keep them in house under their own security and secure IT disposal systems. According to the CTO for data protection at Gemalto, Jason Hart, this is a mistaken approach. He says:
“This may be down to nearly half believing the cloud makes it more difficult to protect data, when the opposite is true.”
He goes on to add that while the cloud makes it easier to secure data, it should not be taken as given. He says that suitable controls like tokenisation and encryption at source can protect data and address compliance issues.