Businesses know the importance of keeping their data safe, whether it is to comply with GDPR or to protect sensitive information about the company from being leaked. However, despite being aware of securing private files, a recent report found more than half of firms leave 1,000 documents exposed. The 2019 Global Data Risk Report from computer security company Varonis revealed 53 per cent of businesses had more than 1,000 sensitive files that could be accessed by all employees, amounting to nearly a quarter of all their folders, Help Net Security published.  It also found 38 per cent of users had passwords that never expire and nearly two-thirds of companies (61 per cent) have more than 500 users with passwords of this kind. As a result of this, 40 per cent of businesses had over 1,000 enabled – but stale – users, meaning half of all accounts were, in fact, defunct. Varonis Field’s CTO Brian Vecci stated companies have not changed their ways despite the introduction of GDPR one year ago. Indeed, 87 per cent of businesses have more than 1,000 stale sensitive files, and as much as 71 per cent have over 5,000, putting them at risk of a fine under GDPR legislation.  Mr Vecci went on to say: “The level of sensitive data exposure and oversubscribed access that most organisations are living with should set off alarm bells for corporate boards and shareholders.” Companies alarmed by the figures could take action to better protect their sensitive files and, subsequently, themselves. However, Mark Harper from office tech company HSM reminded firms that confidential data destruction might need to be done professionally to ensure the documents are properly damaged. “Shredding sensitive data at an incorrect or unknown level can nearly be as detrimental as not shredding at all,” he told Professional Security Magazine Online.