Retailers still lack critical data security measures

Retail businesses in the UK still lack critical data security policies, procedures and trainings, according to a new report.

Data from secure paper shredding firm Shred-it’s annual State of the Industry Report showed 25% of retailers have no information security policies or procedures in place, and over 35% have no policy in place for storing and disposing of confidential paper documents.

Data security training also has significant gaps for retailers, with 40% not covering any of the foundational information security training areas with employees.

Additionally, few retailers are offering employees support in specific key areas:

• Only 32% have trained employees on the use of public WiFi
• Only 31% have trained employees on identifying fraudulent emails
• Just 40% have trained employees on reporting a lost or stolen device (a key issue under the new GDPR compliance rules)

The annual study exposes information and data security risks currently threatening UK enterprises and small businesses.

Neil Percy, vice president of market development and integration at Shred-it, said: “It might feel like rough justice for employees to be held to account when training is not comprehensive, but it reflects how difficult this process is, even for businesses with extensive resources.”

He added: “There may also be an assumption that some elements are common sense, but that potentially belies how easy it is to be duped by skilled phishers and hackers, or even to lose confidential info during the course of a busy day. Mindfulness is key and training helps.”

Percy pointed to a “lack of ubiquitous training” on GDPR, and suggested a large proportion of the British workforce is “not appropriately trained for the kinds of safeguards necessary under GDPR”.