· 2 min read · News

Younger firms more of a data security risk


Younger businesses are considerably less certain on how long they are legally required to retain documents

Young businesses are twice as likely to compromise the confidentiality of sensitive information than more established firms, according to research from enterprise information management firm Iron Mountain.

Half (48%) of organisations under five-years-old said they had left sensitive documents lying about the office, had mislaid them completely, or had lost them in a public place. This is twice as many than more established firms, where fewer than one in four (23%) had made similar information management mishaps.

Despite this, young firms said they were doing little to address the situation, preferring to prioritise expansion into new markets (80%) or product development (54%). The majority (76%) said they have no plans in place to automate key information management processes such as HR.

Younger businesses were also found to be considerably less clear on how long they are legally required to retain documents such as tax records, contracts, and customer data, making these organisations more likely to put the safety of this information at risk.

For example, more than half (59%) of professionals at companies between one- and five-years-old admitted they could be keeping sensitive HR records beyond their retention deadline. This is compared with just 20% at firms with more than 25 years in business.

Elizabeth Bramwell, UK commercial director at Iron Mountain, said that data security can often be a low priority for new businesses. “The first five years of a business’s life are often dedicated to rapid growth as the organisation establishes itself in the market,” she said. “The start-up phase is a busy one, so it’s perhaps understandable that information management mistakes are more likely to happen during this time. However, whether you’re a new or established business the law is the law, so it’s vital that confidential information is protected.

“If bad information habits are left unchecked and effective processes aren’t put in place, young businesses face severe legal and reputational consequences that could fast erode customer confidence and threaten the very survival of the business.”

According to separate research from cloud-based email company Mimecast, 64% of organisations believe their business will be negatively affected by cyber crime in 2017.

It found 57% of UK businesses have seen a rise in phishing emails in the past three months, and a 47% rise in such emails targeted specifically at their organisation or an individual working there. Phishing emails attempt to obtain sensitive information, such as password data or bank details, from the recipient.

The research also found 73% of UK businesses believe a malicious email attachment would be the most likely way to infect their firm with ransomware (software that blocks access to the computer system until money is paid).

Chancellor Philip Hammond recently warned that cyber threats for businesses are increasing. “Business has to sharpen its approach as the scale of the threat from cyber increases and intensifies," he said.