Poor IT habits putting one in 10 SMEs at risk

10% of small business owners and employees regularly share confidential files on personal devices or send documents to personal rather than work emails.

The findings, which show a significant lapse in data security amongst the UK’s five million plus small businesses, were highlighted in research* conducted by software developer Reckon.

Furthermore, the research found that a quarter of small business owners (25%) and their teams save documents onto their desktops rather than onto a central server.

16% of businesses aged 10 and under regularly email files to personal addresses in breach of data security guidelines, compared to just 7% of those aged 10-20 and 4% of those aged 20-35.

Surprisingly, these statistics were just as prevalent, in larger SMEs with a turnover of £10 million or more. Reckon’s survey found that the same 10% of these larger businesses sent documents to personal devices and a third saved documents on desktops rather than central servers.

Reckon believes the reasons behind these data breaches may include ease of access when working remotely, and keeping documents to hand rather than sorting through mismanaged folders.

Sending and saving documents incorrectly and to personal devices breaches basic data security guidelines and could even put employers and employees at risk of breaching Data Protection laws. Such practices also place confidential information at risk of hacks or unauthorised use and also mean that employers cannot provide complete audit  trails of documents within their own business.

Mark Woolley, commercial director for Reckon Software’s Virtual Cabinet, said: “It’s truly concerning that so many SMEs here in the UK are ignoring basic data protection rules. The findings are especially worrying where SME owners are involved, as they are placing their own business’ sensitive information at risk. Incorrectly managing data and information in this way can pose financial, reputational and security issues to a business; something that no business owner wants to have to deal with.

“Bad habits can easily stick, particularly amongst teams within businesses where there aren’t clear policies around data security. I’d urge new businesses to set guidelines around working with documents and emails at the outset in order to give themselves a headstart when it comes to keeping information safe”.

“Businesses should also consider that new legislation such as the General Data Production Regulation will incorporate additional data security into law, making adhering to basic practices of vital importance.”


GDPR Summit London is a dedicated event which will help businesses to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond.

Further information and conference details are available at http://www.gdprsummit.london/