Small businesses complacent on cyber security, says study

By Canadian Pizza July 9, 2014

Features Business and Operations Staffing

July 9, 2014, Toronto – A new study looking at the information security
habits of Canadian small business owners and high-level executives
suggests business
leaders are becoming complacent.

While Canadians are more
aware of information security risks than ever before, Shred-it’s fourth
annual Security Tracker report shows business leaders have taken little
to no
action to decrease risk of reputational damage or disruption to their
business operations.

According to the study conducted by Ipsos Reid, small business owners
are more aware today than they were in 2013 of the legal requirements
concerning confidential data in their industry. Yet, for the second year
in a row, only 46 per cent acknowledge having a protocol for storing and
disposing of confidential data that is strictly adhered to by all
employees, and 31 per cent admit to having no protocol in place
whatsoever. Further, only 12 per cent of those surveyed admit to having
both a locked container and a professional shredding service.

High-level (c-suite) respondents share similar views to small business owners as it
relates to information security. Only 42 per cent of c-suite executives
admit to having a protocol in place for storing and disposing of
confidential data that is strictly adhered to by all employees, and only
half concede to having a locked container and a professional shredding
service. The study also found that 10 per cent of c-suite respondents
admit to throwing out sensitive documents without shredding them, a
number which has risen significantly since last year.

“Organizations need to do more to ensure the safety of their
confidential physical documents and digital data. Prioritizing
information security by implementing policies and protocols that address
all types of confidential information will decrease business risk,” said
Bruce Andrew, executive vice-president at Shred-it, in a media statement. “When you factor in
the cost of recouping damages from a security breach, not to mention the
reputational damage they can cause, it is increasingly necessary that
business leaders educate themselves and action on best practices in
information security.”

The security tracker also revealed that 63 per cent of small business
owners have no cyber security policy in place for destroying digital
assets, and almost half of small business owners surveyed have never
disposed of hardware containing confidential information. When compared
to the 33 per cent of c-suite executives who acknowledged having no
cyber-security policy in place, it is clear there is plenty of room for
improvement.

Canadian organizations are not alone in their battle to protect
information and safeguard against digital data breaches. The Privacy
Commissioner and Industry Canada have implemented legislation to govern
how the private sector collects, uses and discloses personal
information. That said, when grading the government’s response to
information security, only 55 per cent of c-suite executives give the
Canadian government a passing mark, suggesting the other half of
respondents would like to see improvements.

Shred-it offers the following suggestions to help business leaders
protect confidential information and begin establishing a culture of
security:

Demonstrate a top-down commitment from management to the total
security of your business and customer information.
Implement formal information security policies; train your employees
to know the policies well and follow them strictly.
Eliminate potential risk by introducing a “shred-all” policy; remove
the decision-making process regarding what is and isn’t confidential.
Conduct a periodic information security audit.
Introduce special locked containers instead of traditional recycling
bins for disposing of confidential documents.
Don’t overlook hard drives on computers or photocopiers. Erasing hard
drives does not mean data is destroyed. Physical hard drive
destruction is proven to be the only 100% secure way to destroy data
from hard drives.