Many UK SMBs still lax in data protection, new study unveils

Strict new regulations set in place by the European Union this year are being treated rather superficially by some small and medium businesses (SMBs) in the UK, even though noncompliance can attract fines of up to 20 million euros, or 18 million pounds.

Although Britain is soon to separate itself from the EU, the country still has to obey the Union’s new law (GDPR) regarding data protection until Brexit time. Only 35% of SMBs have company storage centralized with on-site servers, while 29% use cloud-based storage solutions, and 23% of SMB employees reportedly use portable storage (such as USB drives) as their primary way to store company data, according to a poll by storage solutions maker Seagate.

Not only is storing company data in disparate locations highly risky, Seagate warns, it’s also time-consuming for staff sifting through documents to find what they need. As a case in point, the survey found 49% of UK SMB employees who work remotely report difficulty accessing work files out of the office. And 46% of staff at companies with 50-99 employees run out of space for data at least once per month.

Backup-wise, British SMBs seem quite conscientious. Backups occur on average 15.4 times per month (about once every two days), and 28% of those surveyed said they back up their data at least once per day.

Still, SMBs could do more to protect their data, Seagate found. 52% of workers at companies with 10-249 employees delete unused items from their work computers only once per month. 44% of UK SMB workers either aren’t sure of their company’s GDPR policy, or say it doesn’t have one.

15% said their company has suffered a data breach or cyberattack at some point in time, and 23% said their company has no incident response plan in place. Well over a third (37%) didn’t even know if there was such a plan in place.

Seagate advises lagging SMBs to communicate to their employees “the importance of following agreed procedures to ensure data is handled safely and effectively.”

At the other end of the spectrum, technology giants like IBM know all too well the dangers of carrying sensitive corporate data on portable media. In a new, company-wide policy instated earlier this year, the company began banning all removable storage, seeking to avoid potential financial and reputational damage stemming from a misplaced or misused USB drive.

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Filip Truta. Read the original post at: