Shred-it Survey Shows that Small Companies May Be Putting Themselves and Their Clients at Risk of Security Breaches
TORONTO, ONTARIO--(Marketwire - Oct. 11, 2012) - For small businesses, staying current and ahead of the curve is essential for their company's survival. There are many successes to be championed during this year's Small Business Week (October 14-20), but results from the second annual 2012 Shred-it Information Security Tracker prove that small businesses need to take better safety precautions today to protect themselves and their customers from theft and fraud tomorrow.
Making up 98 per cent of the companies in Canada1, small businesses are a key driver in today's economy. Still, for many, information security is not high on the priority list. This year's Security Tracker shows that while more than three-quarters (76 per cent) of small businesses are at least somewhat aware of their legal requirements surrounding storing, keeping and disposing of confidential data, 42 per cent do not have an established protocol on how to adhere to these regulations and nearly one-third (31 per cent) have never trained their staff on information security procedures.
When it comes to personnel, nearly half (47 per cent) do not have an employee directly responsible for managing data security issues. What's even more alarming is that this number is up from 34 per cent last year--even though overall awareness of regulations has actually improved since 2011 (76 per cent compared to 73 per cent).
"Companies of all sizes are tightening their belts, and small businesses in particular may be having difficulty allocating staff and other resources to information security," says Bruce Andrew, VP Marketing, Shred-it. "However, making information security part of day-to-day operations is a valuable investment that, at the end of the day, protects both the business' reputation and its bottom line."
The fact that companies are not focused on information security issues could be attributed to a perceived lack of risk. Even though a data breach can cost an organization money, reputation and clients, many small businesses do not feel that they would be affected. In fact, just 12 per cent of respondents said that they believed that lost or stolen data would result in severe financial and reputational damage, and six-in-ten (61 per cent) felt that such a breach would not significantly impact the business at all. However, as fraudsters continue to employ more sophisticated methods of theft, the future looks grim for those who are lax about prevention.
"While the risk of a data breach may seem small, the ramifications can be devastating even if they aren't apparent right away," says Andrew. "At Shred-it we recommend conducting a risk assessment to determine what security policies and protocols already exist, where improvement is required and where the company may be most vulnerable."
To further help secure the future, Shred-it recommends keeping in mind the 3 Ps of information security:
When considering information security, organizations should focus on prevention, not reaction. Ultimately, being aware of potential risks and taking steps to mitigate them costs a business far less than having to go into recovery mode when a breach occurs.
Small businesses should develop and implement information security protocols and policies that are easily understood and applicable to all levels of staff. For example, companies should consider enacting a 'shred-all' policy where all unneeded documents are placed into locked consoles to be shredded. Also, businesses should enact policies regarding their electronic data. These policies may include restricting computer and file access to necessary personnel only and mandating that computer hard drives and photocopier memories are physically destroyed before being thrown out.
One of the most effective ways to protect a business from theft and fraud is to ensure that there is at least one staff member within the organization who is directly responsible for managing data security issues and is regularly training staff on protocols and procedures.
Shred-it is a world-leading information security company providing document destruction services that ensure the security and integrity of our clients' private information. The company operates 140 service locations in 16 countries worldwide, servicing more than 150,000 global, national and local businesses, including the world's top intelligence and security agencies, more than 500 police forces, 1,500 hospitals, 8,500 bank branches and 1,200 universities and colleges. For more information, please visit www.shredit.com.
About the 2012 Security Tracker
Ipsos Reid conducted a quantitative online survey of two distinct sample groups: 1001 small business owners in Canada (all of which have fewer than 100 employees), and 100 C-suite executives working for businesses in Canada with a minimum of 100 employees.
Data are unweighted as the sample universe is unknown and statistical margins of error are not applicable for non-probability samples. However, an unweighted probability sample of this size in each country would yield results that are considered accurate to within 3.1 percentage points, 19 times out of 20. The fieldwork was conducted between April 13th and 20th, 2012.
1 Small Business Statistics, July 2012, Industry Canada,
On behalf of Shred-it