Human error is the still the biggest risk for small and medium-sized enterprises (SMEs) in the UK as employers fail to train staff on company security.

A survey conducted by Ipsos MORI on behalf of information destruction firm Shred-It found that although 24% of SME owners claim that human error, such as leaving sensitive information on desks, poses the biggest security risk to their organisation, more than a quarter (27%) do not have information security policies and procedures in place. A third of those who do, admit to never training their employees on these protocols.

Even more concerning is the fact that a third (32%) of small business owners are unaware of what constitutes confidential data, saying that they possess no information that would cause their business harm if stolen. However every business in the UK holds confidential data — from payslips to meeting agendas and employee or client records — that could lead to damaging financial, legal and reputational repercussions.

Robert Guice, executive vice president, Shred-it EMEA, said: “Employee error is understandably a big concern for UK small business owners. Leaving documents on a desk or throwing a payslip in the bin could pose a huge risk to an organisation. But how can business owners expect their staff to understand how to deal with confidential information if they can’t even identify what is confidential?

“Small businesses need to step up and take responsibility for ensuring that everyone in their organisation is aware of the sensitive data they hold. Putting in place protocols on how to deal with confidential information, or even adopting a ‘shred-all’ policy that all staff are aware of, is essential for SMEs to protect their businesses.”