June 21, 2018
The recently released 2018 State of the Industry Report from Shred-it showed several worrisome trends in information security.
The annual report draws on detailed findings from the Shred-it Information Security Tracker, which explores data security policies and procedures in small and large businesses around the world.
Current Trends in Information Security
Lax attitudes towards privacy laws
Even though there’s a global trend towards stricter privacy laws to protect personal and confidential information, not all workplaces are keeping up. One example is that while there was a long lead-up to the EU General Data Protection Regulation (GDPR) becoming law in May 2018, the report showed that only 22% of C-Suites in the U.S. and 13% in Canada have a strong familiarity with the regulation, and 51% of U.S. small business owners (SBOs) don’t even know what it is. The GDPR affects any business in the world that handles data from individuals who live in the EU. Action: Be more proactive about keeping up-to-date with all privacy laws and legislation and communicating them to the workforce.
Security issues in the expanding remote workplace
Increased connectivity and technological advancements mean employees can work from almost anywhere – but employees working remotely are exposing businesses to physical and digital breaches. For example, while over 90% of North American business leaders say they believe their employees are doing everything they can to safeguard sensitive information, 49% of C-Suites in the U.S. and 20% in Canada report that company laptops have been lost or stolen while employees were working off-site. Action: Adapt security policies and procedures to keep up with changing workplace standards.
Inadequate information security training
Many North American businesses still do not provide regular security awareness training – even though the research showed that 96% of Americans think employee negligence contributes to data breaches. In Canada, 59% of C-Suites say they train staff on information security procedures once a year at least. In the U.S., 78% train staff on information security once a year at least. Action: Provide on-going data security training to all employees. Implement a culture of security from the top down.
Consumer concerns – and reaction – about security
Today’s consumers are much more aware of data security, and they are making decisions based on how their personal data is stored and distributed, according to the report. In the U.S., consumers place high importance on data protection when deciding which bank to use (92%), choosing a legal firm (83%), taking or keeping a job (81%), choosing a hotel (77%), and choosing a car dealer (75%). / In Canada, consumers place high importance on data protection when deciding which bank to use (85%), choosing a legal firm (77%), taking or keeping a job (79%), choosing a hotel (74%), and choosing a car dealer (72%). Action: Organizations must put comprehensive policies in place to protect data and address breaches.
Too much reliance on IT safeguards
With so much data now in digital format, many workplaces think that IT safeguards are all they need. While they are critical, there are other ways that information thieves access confidential data. Action: All companies should have other safeguards too including good alarm systems and security cameras, lockable file cabinets, and a Mobile Device Policy. Also, implement a Clean Desk Policy, and embed secure procedures for storing and disposing of confidential data and old hard drives.
Start Protecting Your Business
To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.