By Jeremy Morris, Associate Business Editor, US Daily Review.
Shred-it, an information security company providing document and data destruction services, commissioned an independent survey with Ipsos Reid across the United States, Canada and the United Kingdom to gain insight on information security policies and procedures amongst small business owners and C-suite executives. The below results are specific to the United States.
- C-suite respondents (95%) are 18% more aware of the legal requirements of storing, keeping and disposing of confidential data than small business owners (77%).
- Although there was a 1% improvement from 2011, 35% of small business owners still do not have a known or understood protocol in place for storing and disposing of confidential data.
- 27% of C-suite respondents train staff twice a year on the company’s information procedures and protocols, while nearly the same percentage of small business respondents, 28%, never train staff on these protocols and procedures.
- 61% of C-suite respondents have a management-level employee responsible for managing the company’s data security issues, whereas around half, 46%, of small business respondents do not have anyone directly responsible for mitigating risks. Moreover, 12% more respondents in 2012 reported that they do not have an employee directly responsible for managing data security, and 8% fewer responded that they have a management-level employee responsible for managing the company’s data security issues.
- More than half, 55%, of C-suite respondents are in favor of and would encourage a new data privacy law in the U.S. that would require stricter compliance. With the US currently not having a data protection law comparable to the EU’s Data Protection Directive, this is an interesting insight and could be one for policy-makers to take notice of.
- Likely because C-suite respondents come from larger, more established and higher revenue-generating corporations, it’s not a surprise that 33% of respondents said that lost or stolen data would result in severe financial impact and would harm their credibility as a business. What is surprising is that the majority of small business respondents, 51%, said that lost or stolen data would not seriously impact their business. Furthermore, compared with 2011, small business respondents were less concerned (14% in 2012 compared to 21% in 2011) that stolen data would have a severe financial impact and harm the business’s credibility.
- 47% of C-suite respondents have both locked consoles and use a professional shredding service to shred sensitive documents. 50% of small business respondents do not have secure locked consoles to house sensitive materials and instead, use in-office shredding vs. a professional shredding service.
- While 67% of C-suite respondents and 52% of small business respondents erase, wipe or degauss the content on data-storing electronics, their confidential data is still susceptible to breach.
“Security breaches within small businesses are on the rise as more small business owners continue to become technologically-savvy and use computerized systems and digital records to track their customer and financial information,” said Mike Skidmore, Privacy & Security Officer, Shred-it. “One year after Shred-it’s 2011 Information Security Tracker, it is unsettling to see that despite being aware of the legal requirements and protocols for securely destroying confidential materials, unlike C-suite executives at larger companies, small business owners are still not using that knowledge to proactively prevent and mitigate risk. As small companies evolve as a business, so must their information security measures.”
Information security is vital to all organizations, regardless of their size and net worth. For small businesses, data breaches cause nearly 80 percent to go bankrupt or suffer severe financial losses within two years of the breach, according to identity theft specialist John Sileo. Estimates from the Ponemon Institute and CyberFactors predict the loss for a large business could reach as much as $100-$225 million depending on the type of business and information lost.
Shred-it offers the following tips to help both small and large businesses safeguard their business information:
- Analyze possible security gaps in one’s organization and work with security experts to assess existing security systems.
- Implement ongoing risk analysis processes and create a policy specifically designed to limit exposure to fraud and data breaches.
- Regularly train employees in proper document management and encourage their adoption of security best practices.
- Utilize special locked consoles to house sensitive materials that are waiting to be properly shredded.
- Implement a “shred-all” policy so that all unneeded documents are fully destroyed on a regular basis.
- Don’t overlook hard drives on computers or photocopiers; physical hard drive destruction is proven to be the only 100% secure way to destroy data from hard drives permanently.
- Have up-to-date and effective computer network protection, including anti-virus software and a firewall.
- Hire a reliable vendor that is well-informed and keeps you compliant with pertinent legislation, training requirements, etc.