Small Business Leaders Lax on Security | eWeek

Small Business Leaders Lax on Security

smbs and security
Written By
Nathan Eddy
Nathan Eddy
Sep 27, 2016
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Midmarket business leaders are putting their reputation and long-term success at risk by not following protocol, according to an Iron Mountain survey of more than 4,000 across the UK, France, Germany, the Netherlands, Belgium, Spain and North America.

The survey revealed that although they handle their organization’s most confidential and sensitive information, midmarket managing directors and C-level executives could be the weakest link when it comes to safeguarding that information.

In comparison to employees across all levels of midmarket companies, CxOs topped the list of information-management sinners in all of these instances.

“The research shows that business leaders in the midmarket are more likely to put sensitive information at risk than any other employee,” Sue Trombley, managing director of thought leadership at Iron Mountain, told eWEEK. “It’s concerning that these leaders don’t realize that they put their company in jeopardy by their actions. The financial penalties for organizations who fail to meet data handling and security obligations are getting more severe and data breaches can destroy customer loyalty and impact the bottom line.”

She explained that among many small businesses, educating employees about how to manage information risk just isn’t seen as a priority.

“In fact, 21 percent of CxOs say they find the processes developed to protect and securely managing information according to policy are too complex and look for a workaround,” Trombley said. “This is disturbing, as the employees managed by these business leaders may adopt the lax practices, too.”

She noted education around these policies is critical to ensure that all employees, from C-level executives to administration, are aware of the policies in place and understand how to abide.

The research also shows that administrative staff rate well in comparison, but are still guilty of mismanaging information.

Just under one-third (29 percent) have left confidential information on the printer, one in five (21 percent) admit to having mislaid data or sending it to the wrong person and 15 percent admit to losing company documents in a public place.

“Organizations can run into roadblocks when they are not putting the right stakeholders in the room when policies and procedures are being written,” Trombley said. “All of the different stakeholders such as business leaders, legal, records and information management, privacy, security, compliance and IT have different business goals and objectives for their enterprise security strategy.”

Having everyone involved when designing and implementing the strategy helps create a defined and defensible process and a strategy that implicitly includes accountability, she said.

“But that must be followed by an investment in educating employees about the policy, a change management process to ensure its adoption, and a way to measure compliance in order to create a culture of risk mitigation,” she said.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.