, October 12, 2016 – As National Small Business Week kicks off October 16, 2016, Shred-it is reminding leaders of small-to-medium sized businesses (SMBs) to protect themselves against one of the most costly business risks: an information security breach.
A data breach among SMBs may not make headlines, but the results can be devastating nonetheless. According to the 2016 Shred-it Security Tracker Survey conducted by Ipsos, 45 percent of SMBs believe their business wouldn’t be affected by a data breach. On the contrary, the Ponemon 2016 Cost of a Data Breach
study revealed that the average cost per lost or stolen record is approximately $278 dollars
. This financial loss and reputational harm is overwhelming for any sized organization, but can be especially damaging to SMBs who are not often equipped to absorb severe financial loss. Not only could a breach erode customer trust and drive consumers away, but it could actually put SMBs out of business.
“It’s easy to understand that smaller-sized businesses try to minimize costs until they begin to get off the ground and gain momentum. At the same time, any financial savings gained from reducing costs in certain areas like information security will be easily surpassed in costs and reputational damage related to a breach,” said Kevin Pollack, SVP at Shred-it. “The cost of implementing training on information security protocols and procedures is a small price to pay in comparison with the costs of regulatory fines, litigation, fraud, and most importantly, damage to reputation that can result from a data breach.”
In order to instill a strong information security culture there should be a mindset of shared responsibility among everyone in the organization regardless of job function and level of seniority. For SMBs, fostering a strong information security culture will limit uncertainty when it comes to decision-making and overall reduce data breach risk.
There are also many cost-effective measures that SMBs can easily implement today, in order to help reduce costly data breaches for tomorrow. Shred-it has identified three data protection strategies that will help SMBs embed security best practices throughout the workplace.
- Two-method approach
SMBs can institute double-edged strategies like a Clean Desk policy and a Shred-it All
policy that are straightforward and inexpensive to implement. A Clean Desk policy encourages employees to clear their desks and lock-up documents before they leave at the end of the day or when away for an extended period of time. This helps safeguard all confidential data. Furthermore putting in place a Shred-it All
policy removes the choice and uncertainty around what is required to be destroyed or recycled by requiring all paper documents to be shredded. In addition, all shredded paper is recycled giving SMBs an added environmental benefit to their procedures. These two strategies are easy to embed within an organization and serve to create a clear expectation among employees.
- Secure your info on the go
According to the 2016 Security Tracker survey over half of Canadian SMBs (53 per cent) have at least a portion of employees who work off-site, many of which may use their own device(s). While these measures allow flexibility among employees, it’s important to put forward security measures to protect confidential company information as it travels with the individual. SMBs should look to ensure that the right information security and training protocols are in-place to protect confidential customer and business data. Putting in place an off-site work policy that requests all mobile devices and laptops be encrypted and reminds employees of the risk and damage of leaving hardware or materials in public places, helps ensure data is secured when outside of the company’s control. To keep this top of mind, SMBs should schedule on-going training so employees understand best practices for protecting confidential information – in and out of the workplace.
- Don’t delete, destroy
Thirty-eight per cent of Canadian SMBs report wiping or degaussing hardware in house. However, if your media disposal process includes erasing, reformatting, wiping or degaussing your hard drives, your customer and company information may be at risk. A best practice in proper disposal is to remove and safely destroy the hard drive that lives on the device. Erasing, reformatting and wiping hard drives is not enough to dispose confidential information. Destroying, not deleting, ensures information is unrecoverable.
In addition to these easy and cost-effective tips, businesses should help employees keep information security procedures top-of-mind with reminders throughout the office. Shred-it is helping small businesses owners with an Information Security Reminders postcard that can be printed to help ensure employees know their data protection responsibilities, whether they are in the office or working remotely.
To view Shred-it’s Information Security Reminders, please visit the Shred-it’s Resource Centre here.
Shred-it is a world-leading information security company providing information destruction services that ensure the security and integrity of our clients' private information. A wholly owned subsidiary of Stericycle, Shred-it operates in 170 markets throughout 18 countries worldwide, servicing more than 400,000 global, national and local businesses. For more information, please visit www.shredit.com
For more information:
NATIONAL Public Relations (for Shred-it)
Director, PR & Communications Shred-it
Ponemon 2016 Cost of a Data Breach Study: Canadian Page 1