What Every Small Business Needs to Know About Information Security

Posted  October 16, 2014  by  Shred-it



Did you know that cyber attacks against small businesses rose 31% in 2013 compared to the year before?

That makes small businesses the fastest-growing group of targets, according to the 2013 Big Threats for Small Businesses white paper by FireEye.

With a nod to the upcoming Small Business Week in Canada, here is what every small business needs to know about information security.  

  • The risk of a data breach is huge. According to the Verizon 2013 Data Breach Investigations Report, small and mid-size businesses suffered data breaches more often than larger firms. In other research, the Ponemon Institute has shown that more than 78% of organizations had experienced at least one data breach over the previous two years.  
  • Your data is more valuable than you think, says FireEye. Cyber thieves are after personally identifiable information, intellectual property, authentication credentials, and insider information. They also look for access to your supply chain. 
  • Information security is the law. Privacy laws and legislation require that all businesses must protect the private information they collect and create. Failure to comply can result in huge financial losses including fines and lost business.
  • Information security is an on-going investment. Small businesses face the same cyber threats as large enterprises but more than 40 percent don’t have an adequate IT security budget, according to a 2013 Ponemon survey of IT practitioners in small businesses. Protection includes firewalls, anti-virus software, anti-spyware programs, an intrusion prevention system, and gateways. Keep it all updated and current.
  • Document management is key. “We only collect what we need and delete it as quickly as we can,” said a small business office manager in Texas. The Federal Trade Commission recommends creating an inventory of private documents (in paper and electronic form), and a secure storage and disposal system for both too. The 4th annual Security Tracker conducted by Ipsos Reid for Shred-it, shows that almost half of small business owners surveyed have no protocol for storing and disposing of confidential information.
  • Take the guess work out of paper disposal. Partner with a document destruction company that provides a chain of custody including special locked containers (instead of recycling bins) and secure on and off site document shredding and hard drive destruction. Introduce a ‘shred-all policy’ so all documents are destroyed when they’re no longer needed.
  • Employee negligence is a huge risk.  Educate employees about all the different ways they can protect information in and out of the workplace – for example, don’t open unknown attachments or leave their computers unattended. The 2012 Trend Micro-sponsored Ponemon Institute Study on small business security risks recommends policies for the use of social media and personal email too as cyber attacks often start there. 
  • The mobile workforce needs security guidelines too, warns Trend Micro. Research shows 56% of employees often store sensitive data on their laptops, smartphones, tablets, and other mobile devices. A data breach may occur if devices are lost or stolen. A data security plan must include mobile device protection. 
  • Use regular security audits to assess security issues. The Security Tracker found that almost half of small business owners surveyed do not conduct regular audits of their security protocols while three in 10 have never even performed an audit.

Here is how to create a culture of security in any size business. 

Request a Quote

Fill out the form below and we’ll contact you with a free quote within the hour! (Between 8:00am and 5:00pm, Mon - Fri)

Select Service

Company info

Your info

Additional Info