July 9, 2014
Canadian businesses continue to be complacent about information security
Toronto, ON – Business leaders are becoming increasingly complacent, says Shred-it’s ‘4 th Annual Security Tracker’. While Canadians are more aware of information security risks than ever before, business leaders have taken little to no action to decrease risk of reputational damage or disruption to their business operations.
The study indicates that organizations need to do more to ensure the safety of their confidential physical documents and digital data. Prioritizing information security by implementing policies and protocols that address all types of confidential information will decrease business risk. As well, small business owners are more aware today than they were in 2013 of the legal requirements concerning confidential data in their industry. Yet, for the second year in a row, only 46 per cent acknowledge having a protocol for storing and disposing of confidential data that is strictly adhered to by all employees, and 31 per cent admit to having no protocol in place whatsoever. Further, only 12 per cent of those surveyed admit to having both a locked container and a professional shredding service.
C-suite respondents share similar views to small business owners as it relates to information security. Only 42 per cent of c-suite executives admit to having a protocol in place for storing and disposing of confidential data that is strictly adhered to by all employees, and only half concede to having a locked container and a professional shredding service. The study also found that 10 per cent of c-suite respondents admit to throwing out sensitive documents without shredding them, a number which has risen significantly since last year.
“Organizations need to do more to ensure the safety of their confidential physical documents and digital data. Prioritizing information security by implementing policies and protocols that address all types of confidential information will decrease business risk,” says Bruce Andrew, executive vice-president at Shred-it. “When you factor in the cost of recouping damages from a security breach, not to mention the reputational damage they can cause, it is increasingly necessary that business leaders educate themselves and action on best practices in information security.”
The security tracker also revealed that 63 per cent of small business owners have no cyber security policy in place for destroying digital assets, and almost half of small business owners surveyed have never disposed of hardware containing confidential information. When compared to the 33 per cent of c-suite executives who acknowledged having no cyber-security policy in place, it is clear there is plenty of room for improvement.
Canadian organizations are not alone in their battle to protect information and safeguard against digital data breaches. The Privacy Commissioner and Industry Canada have implemented legislation to govern how the private sector collects, uses and discloses personal information. That said, when grading the government’s response to information security, only 55 per cent of c-suite executives give the Canadian government a passing mark, suggesting the other half of respondents would like to see improvements.
“At Shred-it we assist businesses and federal government agencies in meeting compliance requirements brought forth by the Privacy Commissioner. We believe the government has done an excellent job focusing on the safety and security of individuals as part of its national security agenda,” says Andrew. “The secure destruction of confidential information is our top priority and we will continue to advocate for compliance education in Canada.”
Shred-it offers the following suggestions to help business leaders protect confidential information and begin establishing a culture of security:
Demonstrate a top-down commitment from management to the total security of your business and customer information
Implement formal information security policies; train your employees to know the policies well and follow them strictly
Eliminate potential risk by introducing a “shred-all” policy; remove the decision-making process regarding what is and isn’t confidential
Conduct a periodic information security audit
Introduce special locked containers instead of traditional recycling bins for disposing of confidential documents
Don’t overlook hard drives on computers or photocopiers. Erasing hard drives does not mean data is destroyed. Physical hard drive destruction is proven to be the only 100 per cent secure way to destroy data from hard drives