UK Businesses Putting Customers at Risk – Shred-it

Businesses in the UK are putting the confidential information of their customers and employees at risk by not disposing of electronically-stored data securely, the UK’s largest information destruction company has warned today.

Research from Shred-it reveals that two fifths (40%) of SME business owners have never disposed of electronic devices containing confidential information, such as HDDs, while a third (35%) do it less than once a year. In comparison, over half (56%) of larger organisations dispose of these devices every 2 to 3 months, according to Shred-it’s fifth annual Security Tracker survey.

Worryingly however 14% of larger businesses never securely destroy this type of digital storage or do it less than once a year. As larger companies often hold vast quantities of customer data, this is a real concern for all of us as consumers.

Storing redundant electronic devices in the office could lead to inadvertent breaches and offers a goldmine of sensitive information for data thieves. The loss or theft of HDDs containing confidential information, such as employee details and client information, puts businesses at significant financial, legal and reputational risk. Currently, the largest data breach fine issued by the body responsible for enforcing the Data Protection Act (the ICO) is £325,000, following the discovery of highly-sensitive data on HDDs sold on an online auction site.

Shred-it is calling on UK businesses and organisations to recognise the risks that inadequately destroyed, electronically-stored information pose.

“In the increasingly digital workplace, businesses place emphasis on cyber security, and rightly so; however they often neglect physical digital storage, not realising the wealth of confidential information contained on these devices. You wouldn’t leave a stack of documents containing confidential information sitting in the corner of your office or in a store cupboard gathering dust, so why leave a HDD where a data thief could easily access it?” warns Robert Guice, SVP Shred-it EMEA.

He adds: “UK businesses continue to hugely underestimate the risks that unused or old electronic equipment left lying around the office poses to their business, as well as the serious impact that could occur if this information was to fall into the wrong hands.”    
 
Simply deleting the information on HDDs does not mean that the information has been removed; this can only be ensured by physically destroying the HDD.

Tony Neate, CEO, Get Safe Online, a source of information and online security advice, supported by the UK Government, adds, “Just as it is easy for criminals to extract data from your company’s electronic devices, even after the information has been deleted, it’s also easy to put the right procedures in place to keep your sensitive company data secure. Make sure you fully erase HDDs by either using a dedicated file deletion program or service, and physically destroy the HDD so it is unusable. Taking your devices to a proper disposal facility and asking for a certificate is a good way of making sure this has been done properly and that no information will end up where you don’t want it to.”

Three Simple Workplace Guidelines Designed to Safeguard HDDs:   

1. Perform regular clear outs of storage facilities and avoid stockpiling unused HDDs
2. Physically destroy all unused HDDs at the end of their useful lives. Using a third-party provider who has a secure chain of custody and provides written confirmation of destruction, can help give you peace of mind and ensure your data is being kept out of the hands of fraudsters
3. Regularly review your organisation’s information security policy to incorporate new and emerging forms of electronic media

What types of electronic media can be destroyed?

• HDDs (from laptops, desktops, servers, copiers and more)
• Backup magnetic tapes (any type e.g. DLT, mini cartridges)
• Floppy disks (3.5-inch disk, 5.25-inch disks, and more)
• Zip disks (100MB, 250MB, and other large disks)
• Optical media (CDs, DVDs, Blu-ray, and HD DVD)

About the survey:
Ipsos MORI is one of the largest and best known research companies in the UK and a key part of the Ipsos Group, a leading global research company. With a direct presence in 60 countries our clients benefit from specialist knowledge drawn from our five global practices: public affairs research, advertising testing and tracking, media evaluation, marketing research and consultancy, customer satisfaction and loyalty. Ipsos Mori conducted a quantitative online survey of two distinct sample groups: Small business owners in UK (all of which have fewer than 100 employees), and C-suite executives working for businesses in the UK with a minimum of 250 employees. The fieldwork was conducted between 20 April and 3 May 2015.