June 18, 2013

Small Businesses in the Dark about Potential Impact of a Data Breach

NEW YORK, NY -- June 18, 2013 – Many U.S. small businesses are taking a passive approach when it comes to protecting their data leaving themselves vulnerable  to data loss and possible financial and reputational damage.  A recent study conducted by Ipsos Reid on behalf of Shred-it, a world-leading information security company, revealed that small businesses do not fully comprehend the impact a data breach could have and as a result, are not safeguarding sensitive information as thoroughly as they should.
The 2013 Shred-it Information Security Tracker indicates that an alarming number of small businesses (69 per cent) are not aware or don’t believe data being lost or stolen would result in financial impact and harm to their businesses credibility. 
This false sense of security is putting businesses at risk. In fact, the study found that: 
•  Forty per cent of small business owners have no protocols in place for securing data, a five percent increase from last year.
•  More than 1/3 of the small business report that they never train staff on information security procedures.
•  Forty eight per cent have no one directly responsible for management of data security.
•  Only 18 per cent would encourage new data privacy legislation requiring stricter compliance and penalties to information security threats.
“As we celebrate National Small Business Week, we’re urging companies to be vigilant when it comes to information security,” said Mike Skidmore, Privacy & Security Officer, Shred-it. “We have seen a consistent increase in small businesses without security protocols in place and a crucial first step for practicing effective information security is improving awareness of policies and procedures.  Organizations face a lot of risks, but enforcing sensitive data safeguarding as a company-wide practice will potentially avert both significant financial and reputational damage.” 
C-Suite Executives
It is crucial that businesses of all sizes take proactive steps to protect against data breaches. The 2013 Security Tracker found that more C-suite executives (12 per cent)  reported financial losses of more than $500,000 due to data breaches this year than in previous years; yet, 23 per cent of the C-suite executives surveyed do not believe data breach will impact their business. At the same time, while awareness of legal requirements among C-suite executives was up four percent from 2012, only 16 per cent report training employees on protocol twice a year, down 11 per cent from 2012.
Best Practices
Shred-it offers the following tips to help businesses safeguard their business information and recommends that companies consider these security procedures:
•  Analyze possible security gaps in one’s organization, and within your supply chain, and work with security experts to assess existing security systems.
•  Implement ongoing risk analysis processes and create a policy specifically designed to limiting exposure to fraud and data breaches.
•  Regularly train employees in proper document management and encourage their adoption of security best practices.
•  Utilize special locked consoles to house sensitive materials that are waiting to be properly shredded.
•  Implement a “shred-all” policy so that all unneeded documents are fully destroyed on a regular basis.
•  Don’t overlook hard drives on computers or photocopiers; physical hard drive destruction is proven to be the only 100% secure way to destroy data from hard drives permanently.
•  Have up-to-date and effective computer network protection, including anti-virus software and a firewall.
Supply Chains
 In today’s global business climate, businesses small and large are operating in increasingly expansive supply chains, outsourcing services to various vendors and sharing sensitive information to facilitate business transactions. As touch points in the supply chain increase, so does risk and businesses need to hold each other to a higher security standard.  All it takes is one breach for many reputations to be damaged. 
With that in mind, U.S. companies should consider re-evaluating the risks associated with sharing data with members of their supply chain. Do these partners also demonstrate a commitment to information security? By creating a far-reaching information security policy that encompasses business partners and suppliers, companies can do a more effective job of protecting the confidential data of all Americans.
Companies looking to put an information security policy and process in place are urged to apply for a free risk assessment service by a trained and background checked Shred-it representative. An online risk assessment survey is also available on the website. This will help you to determine how you are managing confidential information and the information destruction process. Having a system in place will better protect the overall business supply chain against the impact of a data security breach.
About Shred-it
Shred-it is a world-leading information security company providing document destruction services that ensure the security and integrity of our clients’ private information.  The company operates 140 service locations in 16 countries worldwide, servicing more than 150,000 global, national and local businesses, including the world’s top intelligence and security agencies, more than 500 police forces, 1,500 hospitals, 8,500 bank branches and 1,200 universities and colleges. For more information, please visit www.shredit.com. 
About Ipsos Reid:
Ipsos Reid is Canada's market intelligence leader, the country's leading provider of public opinion research, and research partner for loyalty and forecasting and modeling insights. With operations in eight cities, Ipsos Reid employs more than 600 research professionals and support staff in Canada. The company has the biggest network of telephone call centres in the country, as well as the largest pre-recruited household and online panels. Ipsos Reid's marketing research and public affairs practices offer the premier suite of research vehicles in Canada, all of which provide clients with actionable and relevant information. Staffed with seasoned research consultants with extensive industry-specific backgrounds, Ipsos Reid offers syndicated information or custom solutions across key sectors of the Canadian economy, including consumer packaged goods, financial services, automotive, retail, and technology & telecommunications. Ipsos Reid is an Ipsos company, a leading global survey-based market research group. To learn more, visit www.ipsos.ca
About the 2013 Security Tracker
An independent survey conducted by Ipsos Reid and commissioned by Shred-it was conducted between April 16th and 23rd, 2013, with two distinct sample groups: Small business owners in the United States (n= 1,008), which have fewer than 100 employees, and C-suite executives in the United States (n=100), that have executives that work for companies with a minimum of 500 employees in the United States.