The branch that you searched for does not have a page in your preferred language. Would you like to visit the branch page on the #CODE# site?
Get a Quote
Back To Information Security Resources
Demonstrating a positive shift in behaviour compared to previous years, the 5th annual Shred-it Security Tracker revealed that c-suite executives have not only recognized the real threat posed by data breaches, they’ve also taken concrete steps to improve their security policies and procedures.
In contrast, small business owners have made very little headway in combating information security risks, demonstrating a growing divide between large organizations and small businesses when it comes to information security.
Download PDF Version
For instance, 65 percent of executives say they have protocols in place for storing and disposing of confidential data that is strictly adhered to by all employees, up from 42 percent in 2014. Comparatively, less than half (47 percent) of small businesses say they have protocols in place for storing and disposing of confidential data that is strictly adhered to by all employees and a shocking 37 percent have no protocol in place at all.
Large organizations are also becoming increasingly demanding of their suppliers, insisting that they too invest in information security. In fact, 45 percent of large organizations require suppliers to have an information security policy in place and 41 percent require a security breach response plan.
Small business owners must understand that if they continue to lag behind their larger counterparts, they’ll increasingly expose themselves to not only theft, fraud, and severe financial and reputational repercussions that may result in bankruptcy, but they also risk disqualifying themselves from working with large organizations that vet their suppliers.
For more results from the Shred-it 2015 Security Tracker visit our Resource Centre.
As organizations refresh computer hardware and digital storage, they are faced with the issue of what to do with their obsolete IT assets. Proper disposal and destruction of hard drive storage devices is important not only to keep confidential information safe, but also to keep organizations compliant with laws and legislations regarding the storage and disposal of Personal Health Information and Personal Identifying Information.
The Personal Information Protection and Electronic Documents Act (PIPEDA) sets out legislation for how the private sector collects, uses or discloses personal information in the course of commercial activities. According to PIPEDA, personal information must be disposed of in a way that prevents a privacy breach.
PIPEDA also states that before disposing of electronic devices — such as computers, photocopiers and cellphones — organizations must ensure that all personal information is physically destroyed from the device’s hard drive.1
The most effective way to verify that confidential data found on these devices is completely gone and not susceptible to a privacy breach is to securely destroy the hard drive before disposing of it.
However, the 2015 Shred-it Security Tracker revealed that 40 percent of Canadian businesses surveyed have never disposed of hard drives, USBs or other hardware that contains confidential information.2 That translates into a lot of organizations that are not only risking the personal and confidential information of their customers and employees, but also risking compliance with PIPEDA.
A data breach has many consequences — financial loss, reputational damage and also legal repercussions. It is critical that organizations protect confidential information by removing and destroying unused hard drives.
For simple workplace guidelines designed to safeguard hard drives visit the Shred-it Resource Centre.
In each edition we feature a high profile information security issue to show businesses how they can mitigate similar risks.
This quarter we’re featuring the Communications Security Establishment of Canada.
Communications Security Establishment (CSE): In response to an internal privacy violation, Canada’s electronic spy agency has introduced mandatory privacy awareness training for all employees. According to Greta Bossenmaier, chief of the Communications Security Establishment, corporate security officials were notified in July 2014 that a file containing personal information related to security clearances was mistakenly given public-access permission markings. An internal probe determined that the sensitive personal information of five individuals — four CSE employees and one member of the public — had been compromised.3 As a result, in March 2015 Bossenmaier ushered in a new policy on administrative privacy breaches and introduced mandatory privacy awareness training for all staff.
What do you do: When employees are unaware of the proper procedures for the management and destruction of confidential information, the organization faces a greater risk of fraud. Unfortunately, Canadian organizations all too often overlook the vulnerability within their workplace. According to the Shred-it 2015 Information Security Tracker, 36 percent of small businesses have never trained their staff on information security protocols and 29 percent of larger organizations only do so once a year
It is crucial that all employees not only know and understand their organization’s security policies and procedures, but truly commit to them and implement them correctly. There are concrete actions business leaders can take to ensure their information destruction policies and procedures are adhered to by all employees:
Shred-it’s most important relationship is with its customers, which is why Shred-it Partners are trained to provide top level customer service and expertise. In each edition we highlight a Shred-it Partner that went above and beyond to provide exceptional customer service.
A partner with Shred-it for almost 10 years, Arnold Rubio is dedicated to not only helping his customers destroy their confidential information, but also assisting them with implementing information security policies and procedures. This commitment was clearly demonstrated during a routine visit to a local bank branch.
While emptying consoles during his service, Arnold discovered that cash had accidentally been placed into one of the locked bins. Realizing that an error may have been made, Arnold immediately alerted the Branch Manager and ensured the money was safely returned. Arnold also took the time to help the Branch Manager identify how the problem occurred and found a solution to mitigate the risk of cash accidentally falling into the consoles again. The Branch Manager was impressed with Arnold’s professionalism and confidentiality when he discovered the money, and also in working together with the team to implement a new procedure moving forward.
“Arnold Rubio demonstrated the highest level of integrity and helped prove that our CSRs “live the values” of Shred-it.” — Philip Moores, Operations Manager, Shred-it Toronto East
Shred-it would like to commend Arnold on his professionalism, integrity and commitment to information security
You can also stay informed with Shred-it on Facebook and LinkedIn or follow us on Twitter @Shredit.
Stay informed with the latest in information security news and promotions.
Fill out the form or call 888.750.6450 to start protecting your business today!