November 13, 2014

Information Security Report: 8 Critical Calls-to-Action

Despite the widespread knowledge that data breach incidents around the world are escalating, many businesses are still not prioritizing information security – and that’s just one of the worrisome findings highlighted by Shred-it's 2014 State of the Industry Report.

The 2014 report is based on the Shred-it Information Security Tracker program, which is an IPSOS Reid research study of information security trends in the United States, Canada and the United Kingdom.

The third annual report from Shred-it puts the spotlight on both data security issues and solutions.The average data breach exposes more than 29,000 documents and costs almost $6 million.

Here are some of the report’s key calls-to-action.

  1. Create a formal information security policy. The report shows that 11% of American C-suite executives say their organizations have no security protocols for storing and disposal of confidential data (up 7%); 57% don’t have a cyber security policy. It’s important to generate a company-wide commitment to the total security of all private information.  
  2. Appoint someone to be in charge of information security – and choose carefully. The report shows that 36% of Canadian and 20% of American executives say they don’t know how lost data or identity theft would affect their business. Only 38% of C-suite executives say they have an employee directly in charge of data security levels at the management level.    
  3. Train employees about information security. Less than half of large organizations hold regular training for their employees, and small businesses are even less likely to do so. Regular employee training is the key to ensuring employees understand and commit to security policies and procedures.
  4. Establish clear document management and protection protocols. Protocols should include periodic security audits to identify and deal with problem areas, mobile workforce security policies, and the best computer protection available. 
  5. Improve document disposal. The report shows that 11% of C-suite executives in the U.S. have no protocol for storing and disposing of sensitive data; 91% of U.S. businesses don’t dispose of confidential material regularly. A simple solution: use professional paper shredding services with a secure chain of custody including locked consoles for sensitive documents. 
  6. Securely shred documents – for greater environmental benefits. According to the report, recycled paper products traditionally go through about 10 touch points before being fully destroyed. Using a document destruction company reduces touch points to six – so workplaces dispose of their waste securely and reduce their overall environmental impact.
  7. Stay up-to-date on privacy laws and legislation. New and stricter laws are increasingly being proposed and passed. According to the report, there are five proposals before the U.S. Senate regarding data security; in Canada, the Digital Privacy Act will make notification of data breaches mandatory with non-compliance fines up to $100,000.
  8. Target insider theft. The Identity Theft Resource Center reported that in 2013 insider theft increased 80% compared to 2012. Policies that remove choice or temptation from employees are encouraged. For example, a Shred-all policy means all documents are destroyed when they are no longer needed. Consider that 63% of large businesses in the U.S. and 85% in Canada still allow employees to keep recycling bins and waste receptacles at their desks.

For more information and insights into the 2014 State of the Industry Information Security, here is the report.