Estimated reading time: 3 minutes, 36 seconds

Small Businesses in the Dark about Potential Impact of a Data Breach

Many U.S. small businesses are taking a passive approach when it comes to protecting their data leaving themselves vulnerable to data loss and possible financial and reputational damage. A recent study conducted by Ipsos Reid on behalf of Shred-it, a world-leading information security company, revealed that small businesses do not fully comprehend the impact a data breach could have and as a result, are not safeguarding sensitive information as thoroughly as they should.

The 2013 Shred-it Information Security Tracker indicates that an alarming number of small businesses (69 percent) are not aware or don't believe data being lost or stolen would result in financial impact and harm to their businesses credibility.

This false sense of security is putting businesses at risk. In fact, the study found that:

  • Forty per cent of small business owners have no protocols in place for securing data, a five percent increase from last year.
  • More than 1/3 of the small business report that they never train staff on information security procedures.
  • Forty eight per cent have no one directly responsible for management of data security.
  • Only 18 per cent would encourage new data privacy legislation requiring stricter compliance and penalties to information security threats.
"As we celebrate National Small Business Week, we're urging companies to be vigilant when it comes to information security," said Mike Skidmore, Privacy & Security Officer, Shred-it. "We have seen a consistent increase in small businesses without security protocols in place and a crucial first step for practicing effective information security is improving awareness of policies and procedures. Organizations face a lot of risks, but enforcing sensitive data safeguarding as a company-wide practice will potentially avert both significant financial and reputational damage."

C-Suite Executives
It is crucial that businesses of all sizes take proactive steps to protect against data breaches. The 2013 Security Tracker found that more C-suite executives (12 percent) reported financial losses of more than $500,000 due to data breaches this year than in previous years; yet, 23 per cent of the C-suite executives surveyed do not believe a data breach will impact their business. At the same time, while awareness of legal requirements among C-suite executives was up four percent from 2012, only 16 per cent report training employees on protocol twice a year, down 11 per cent from 2012.

Best Practices
Shred-it offers the following tips to help businesses safeguard their business information and recommends that companies consider these security procedures:
  • Analyze possible security gaps in one's organization, and within your supply chain, and work with security experts to assess existing security systems.
  • Implement ongoing risk analysis processes and create a policy specifically designed to limiting exposure to fraud and data breaches.
  • Regularly train employees in proper document management and encourage their adoption of security best practices.
  • Utilize special locked consoles to house sensitive materials that are waiting to be properly shredded.
  • Implement a "shred-all" policy so that all unneeded documents are fully destroyed on a regular basis.
  • Don't overlook hard drives on computers or photocopiers; physical hard drive destruction is proven to be the only 100% secure way to destroy data from hard drives permanently.
  • Have up-to-date and effective computer network protection, including anti-virus software and a firewall.
Supply Chains
In today's global business climate, businesses small and large are operating in increasingly expansive supply chains, outsourcing services to various vendors and sharing sensitive information to facilitate business transactions. As touch points in the supply chain increase, so does risk and businesses need to hold each other to a higher security standard. All it takes is one breach for many reputations to be damaged.

With that in mind, U.S. companies should consider re-evaluating the risks associated with sharing data with members of their supply chain. Do these partners also demonstrate a commitment to information security? By creating a far-reaching information security policy that encompasses business partners and suppliers, companies can do a more effective job of protecting the confidential data of all Americans.

Companies looking to put an information security policy and process in place are urged to apply for a free risk assessment service by a trained and background checked Shred-it representative. An online risk assessment survey is also available on the website. This will help you to determine how you are managing confidential information and the information destruction process. Having a system in place will better protect the overall business supply chain against the impact of a data security breach.
Read 4802 times
Rate this item
(0 votes)

Visit other PMG Sites:

PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.