The 2013 Shred-it Information Security Tracker indicates that an alarming number of small businesses (69 percent) are not aware or don't believe data being lost or stolen would result in financial impact and harm to their businesses credibility.
This false sense of security is putting businesses at risk. In fact, the study found that:
- Forty per cent of small business owners have no protocols in place for securing data, a five percent increase from last year.
- More than 1/3 of the small business report that they never train staff on information security procedures.
- Forty eight per cent have no one directly responsible for management of data security.
- Only 18 per cent would encourage new data privacy legislation requiring stricter compliance and penalties to information security threats.
C-Suite Executives
It is crucial that businesses of all sizes take proactive steps to protect against data breaches. The 2013 Security Tracker found that more C-suite executives (12 percent) reported financial losses of more than $500,000 due to data breaches this year than in previous years; yet, 23 per cent of the C-suite executives surveyed do not believe a data breach will impact their business. At the same time, while awareness of legal requirements among C-suite executives was up four percent from 2012, only 16 per cent report training employees on protocol twice a year, down 11 per cent from 2012.
Best Practices
Shred-it offers the following tips to help businesses safeguard their business information and recommends that companies consider these security procedures:
- Analyze possible security gaps in one's organization, and within your supply chain, and work with security experts to assess existing security systems.
- Implement ongoing risk analysis processes and create a policy specifically designed to limiting exposure to fraud and data breaches.
- Regularly train employees in proper document management and encourage their adoption of security best practices.
- Utilize special locked consoles to house sensitive materials that are waiting to be properly shredded.
- Implement a "shred-all" policy so that all unneeded documents are fully destroyed on a regular basis.
- Don't overlook hard drives on computers or photocopiers; physical hard drive destruction is proven to be the only 100% secure way to destroy data from hard drives permanently.
- Have up-to-date and effective computer network protection, including anti-virus software and a firewall.
In today's global business climate, businesses small and large are operating in increasingly expansive supply chains, outsourcing services to various vendors and sharing sensitive information to facilitate business transactions. As touch points in the supply chain increase, so does risk and businesses need to hold each other to a higher security standard. All it takes is one breach for many reputations to be damaged.
With that in mind, U.S. companies should consider re-evaluating the risks associated with sharing data with members of their supply chain. Do these partners also demonstrate a commitment to information security? By creating a far-reaching information security policy that encompasses business partners and suppliers, companies can do a more effective job of protecting the confidential data of all Americans.
Companies looking to put an information security policy and process in place are urged to apply for a free risk assessment service by a trained and background checked Shred-it representative. An online risk assessment survey is also available on the website. This will help you to determine how you are managing confidential information and the information destruction process. Having a system in place will better protect the overall business supply chain against the impact of a data security breach.
