CINCINATTI, OH. May 31, 2016 –
U.S. business leaders are unprepared for the increased threat to information security that comes with flexible office environments, according to the 2016 Shred-it Security Tracker information security survey
. The study shows that leaders are not providing the protocols and training needed to ensure customer and competitive information remains secure in a mobile work environment.
With the number of mobile workers in the US expected to reach 105 million by 2020
, more workers are using the tools of the modern workforce, including laptops, USBs and cloud storage to connect outside the traditional office environment. The 2016 Security Tracker shows that the majority of C-Suite Executives (92%) and just over half of small business owners (SBOs) (58%) have at least some employees using a flexible/offsite working model. Yet, only 31% of C-Suite Executives and 32% of SBOs said they have an information security policy for both off-site work environments and flexible working areas in place.
“Without ongoing training and comprehensive policies for remote and flexible workplaces, businesses are at risk,” says Andrew Lenardon, Global Director, Shred-it. “Although employees want increased flexibility and the ability to work remotely, business leaders must ensure that the right information security and training protocols are in-place to protect confidential customer and business data.”
Policies and procedures governing the secure storage and destruction of mobile devices are essential in an organization’s information security policy. While larger U.S. organizations have incorporated this as part of their overall efforts, small businesses have room to improve how they are destroying and storing digital data.
SBOs are more likely to wipe/degauss electronic devices in-house (37%), risking inadvertently exposing the confidential data stored on the hard drive when the device is sent to be recycled or reused. In contrast, their C-Suite counterparts follow the best practices for data destruction and almost half (47%) use a professional destruction service to dispose of their unneeded electronic material.
Regularly destroying hardware is another important part of device management as legacy hardware stockpiled and stored in the office is a risk for theft. However, 60% of SBOs only dispose of hard drives, USBs, and other electronic devices containing confidential information less than once a year or never. Comparatively, a majority of C-Suite Executives (76%) indicate their businesses destroy hardware every two to three months - or more frequently.
“The only proper way to protect information is to physically destroy the hard drive - simply wiping the device does not ensure sensitive information is completely removed,” says Lenardon. “Implementing security policies that address how digital devices are stored and destroyed is vital for any sized organization to help address the additional risks associated with mobile working.”
While C-Suite Executives are focused on electronic device and data destruction, they must not become complacent with the storage and destruction of paper documents as their employees are no longer tied to the traditional office. Approximately 46% of C-Suite Executives report having a protocol for destroying confidential documents adhered to by all
employees - a dramatic drop from 2015 where 63% of C-Suite Executives reported having a protocol in place adhered to by all employees.
To help businesses of all sizes ensure their corporate policies and training around data protection and security keep pace with the evolving work environment, Shred-it is providing seven simple workplace guidelines
- Remind employees not to leave hardware or materials in vehicles, hotels, coffee shops or elsewhere.
- Limit the type of documents that employees can remove from the office, as there is no way to ensure data is secured when outside of the company’s control
- Encrypt all phones and hard drives, and activate passwords on electronic devices.
- Perform a regular cleaning of storage facilities and avoid stockpiling obsolete electronic devices
- Destroy all unused hard drives using a third-party provider who has a secure chain of custody and confirms destruction.
- Regularly review your organizations information security policy to incorporate new and emerging forms of electronic media.
- Schedule on-going training so employees understand best practices for protecting confidential information – in and out of the workplace.
As workforces become more mobile, C-Suite Executives and Small Business owners face similar challenges when it comes to protecting sensitive data. To mitigate the increased risk of an increasingly mobile workforce, businesses of all sizes must be proactive in introducing protocols and training to keep employee, customer and company data safe.
Every year, Shred-it develops the State of the Industry Report to highlight common Information Security trends and emerging challenges based on the Security Tracker’s key findings. Now in its fifth year this report provides comprehensive insights and tips on how businesses can protect and mitigate risks when it comes to information security. Download the current report
to learn more about information security trends, as well as ways in which businesses, large and small, can protect their data.
- 30 -
Shred-it is a world-leading information security company providing information destruction services that ensure the security and integrity of our clients' private information. A wholly, owned subsidiary of Stericycle, Shred-it operates in 170 markets throughout 18 countries worldwide, servicing more than 400,000 global, national and local businesses. For more information, please visit www.shredit.com
Ipsos ranks third in the global research industry. With a strong presence in 87 countries, Ipsos employs more than 16,000 people and has the ability to conduct research programs in more than 100 countries. Founded in France in 1975, Ipsos is controlled and managed by research professionals. They have built a solid Group around a multi-specialist positioning – Media and advertising research; Marketing research; Client and employee relationship management; Opinion & social research; Mobile, Online, Offline data collection and delivery.
Ipsos is listed on Eurolist - NYSE-Euronext. The company is part of the SBF 120 and the Mid-60 index and is eligible for the Deferred Settlement Service (SRD). www.ipsos.com
About the 2016 Security Tracker:
Ipsos conducted a quantitative online survey of two distinct sample groups: small business owners in the United States (n=1,009), and C-Suite executives working for businesses in the United States with a minimum of 100 employees (n=101). The precision of Ipsos online surveys are calculated via a credibility interval. In this case, the US SBO sample is considered accurate to within +/- 3.5 percentage points had small business owners been surveyed, and the US C-Suite sample is accurate to within +/- 11.2 percentage points had all C-Suites in been surveyed.. The fieldwork was conducted between March 17 and March 23, 2016.
For more information:
NATIONAL Public Relations (for Shred-it)
Senior Manager, PR & Communications Shred-it