Information Security: New Study Shows U.S. Companies Are Not Doing Enough
Information security, according to Wikipedia, is “the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, etc.” And, with the ever-increasing frequency and cost of data breach incidents today, it has never been more important to have an information security policy in place.
But a new study – the 2014 Security Tracker – shows that many businesses are not doing enough to ‘defend’ or protect information.
In fact, the Security Tracker, which is the 4th annual study, shows quite the opposite. There’s a troubling trend by both large and small businesses in the United States showing businesses de-prioritizing data security practices.
The independent survey was conducted by Ipsos Reid on behalf of the global information security company Shred-it. Small business owners (companies with fewer than 100 employees) and C-suite executives (companies with a minimum of 500 employees) were surveyed with results provided for each group.
While 86% of C-suite executives understand the legalities of privacy laws and legislation, only about one-third of them partner with a professional shredding service and utilize locked consoles in the workplace for documents that are no longer needed.
Also, 10% of these executives still throw sensitive documents into the garbage while 11% have no protocol for the storage and disposal of sensitive data. At the same time, 30% do not have cyber security in place.
An even larger percentage of small business owners demonstrate poor information security habits. For example, 70% do not have a cyber security policy in place, and almost half have no protocol for storing and disposing of confidential information.
The 2014 Security Tracker warns that businesses of all sizes seem to be unaware of the risks of information security breaches including damage to both the bottom line and the company’s reputation.
According to the 2014 Cost of Data Breach Study, conducted by IBM and Ponemon Institute, the average data breach in the United States costs $5.85 million.
Earlier Ponemon Institute research has shown it can take a business more than a year to recover and restore its reputation and brand image after a data breach.
Here is a checklist of information security best practices to keep in mind when it comes to information security:
- Create a culture of security from the top down including comprehensive information security policies and procedures that are compliant with privacy laws and legislation in your industry.
- Provide regular employee training in secure document management and destruction.
- Tighten cyber security, and equip all computers, including BYOD (bring your own device) devices, with security software and tools.
- Identify potential risks that may threaten the security of confidential information. Take this free security risk assessment.
- Implement a document management process that tracks electronic and paper-based documents from generation and storage to destruction.
- Limit access to confidential data based on job requirements.
- Partner with a reliable shredding company that provides a secure chain of custody for their document destruction. The company should provide hard drive destruction services too. Here is more information about document destruction best practices.
- Introduce a shred-all policy so that all paper documents that are no longer needed are securely destroyed.
Learn more about the current trends in information security in Shred-it's 2014 Security Tracker.