Sarah Olsen, account manager to DocsCorp’s SMB clients in Asia Pacific, takes a closer look at the latest findings.
The HP Australia IT Security Study 2018 drew responses from over 500 Australian small-to-medium businesses (SMBs). The statistics highlight the challenges that come with tightened data privacy laws like the Notifiable Data Breaches scheme in Australia and the GDPR in Europe. These were the key findings:
1. Not enough SMBs have data privacy policies in place
SMB owners know what kind of negative impact a data breach can have not just on their business, but on their reputation. Despite this, less than 50% of Australian SMBs have policies in place to comply with the new Notifiable Data Breach scheme. Less than 20% of businesses had GDPR compliance policies in place prior to the enforcement deadline of May 2018.
2. Business owners are expected to take on the role of ‘IT security specialist’
According to the survey findings IT security is still considered the job of the business owner more than anyone else in the business. Much lower on that list are general IT staff members and other non-IT employees. SMB owners wear a lot of hats, and in recent years ‘IT security specialist’ has become a new role to fill. As well as operational, staff, sales, marketing, and general business responsibilities SMB owners are looked to when it comes to ensuring their networks aren’t vulnerable to risk.
Everyone in the business should be responsible for data privacy and protection
The rise of data breaches from human error – particularly those that come from sending an email to the wrong person or attaching the wrong file – tell us data privacy shouldn’t be siloed off. It is everyone’s responsibility to keep information safe.
SMB owners can – and should – give staff the right tools to defend against inadvertently causing a breach and apply the appropriate security measures to their networks. But a business owner can’t look over the shoulder of everyone in the business to double check that emails are going to end up in the right inbox.
One way to do this is to add set-and-forget measures that prompt and remind staff only when needed. cleanDocs, our solution for protecting information shared in email content and attachments, for example, only pops up when it identifies risk. This could be in the recipient list – if there are external or public domains, for example – or in the attachments – if documents need to be wiped clean of metadata.
We advise SMBs add additional defense against the most common causes of data breaches so staff can protect the information they share.
Learn more about email recipient checking as a way to prevent the most common types of data breaches.
Sarah Olsen is a Client Services Manager based in our Sydney office. Sarah works with users every day to help them get more out of the products they rely on. When she isn’t fielding calls, Sarah can be found taking a dip at Manly Beach or keeping fit on the netball court.