May 02, 2022

Protecting Confidential Information in the Data Breach Era

An organization’s reputation can be one of its most valuable assets. According to a 2021 survey from PwC, companies with high consumer trust are more likely to have customer loyalty, a growing customer base, revenue growth, and access to financing. Shred-it's 2021 Data Protection Report similarly found that 4 out of 5 consumers surveyed decide which company to do business with based on its reputation for data security. On top of that, according to Zendesk, about half of consumers will switch brands after one bad experience.

These findings highlight that information security can play a huge role in consumer behaviors. Despite these trends, 2021 was one of the worst years for data breaches in history. According to RBS, there were 4,145 publicly disclosed breaches in the U.S. in 2021, which exposed more than 22 billion records. Shred-it's Data Protection Report found that nearly 70% of consumers surveyed had been impacted by a data breach in 2021, up from 53% the previous year.

The increase in data breaches is costly and inefficient, and it can damage and even destroy a company’s reputation. To help mitigate these risks and build trust with customers, leaders should understand the basics of protecting confidential information in the era of data breaches.

What Is Considered Confidential Data?

The term “confidential data”, as used here, generally refers to any nonpublic information. This can include confidential business information, such as proprietary information or pricing, or personal information, such as an individual's name, address, email address, IP address, social security number, and/or telephone number.

Depending on the industry, certain confidential information may be regulated. Healthcare providers, for example, are responsible for restricting the disclosure of protected health information per the Health Insurance Portability and Accountability Act (HIPAA). This includes individually identifiable health information that relates to, for example, an individual's past, present, or future physical or mental health condition. Additionally, certain financial organizations are required to protect sensitive personal finance information, such as account numbers and balances, loan applications, and credit card or debit card applications.

What Are the Potential Causes of a Data Breach?

The businesses surveyed in Shred-it's 2021 Data Protection Report identified four major sources of a data breach: malicious outsiders, malicious insiders, partners and suppliers, and employee error. The report found that 53% of all data breaches involved malicious insiders: employees inside an organization who share confidential information with outside sources. This contradicts the belief that only hackers and cybercriminals are responsible for data breaches.

While not the largest source of data breaches, breaches involving employee error accounted for 22% of all data breaches reported in the survey. Organizations can help mitigate this type of data breach by implementing policies that outline information security and privacy guidelines and provide ongoing data security training—on both digital and physical risks.

Which Industries and Company Types Are Potentially at Risk for a Data Breach?

The 2021 Data Protection Report found that organizations surveyed in the insurance (75%), real estate (69%), and healthcare (56%) sectors are the most likely to have experienced a data breach. However, any organization that stores large amounts of confidential data, including financial and professional services firms, is at risk of a data breach.

The report also found that nearly three-quarters of large businesses surveyed have experienced a data breach, up from 43% in 2020. However, while data breaches at large companies often get the most attention, data breaches at small and medium-sized businesses are also on the rise. In 2021, 61% of small and medium-sized businesses (defined in the survey as having fewer than 499 employees) reported a data breach, a significant jump from 12% in 2020. This highlights that any organization, large or small, can fall victim to a data breach.

How Can Remote and Hybrid Work Models Affect Data Confidentiality?

Some experts attribute a rise in data breach risks to the COVID-19 pandemic, which contributed to many employees working from home. As a result, businesses’ physical confidential information was spread out across home workspaces instead of the one centralized location—the office. Employees may have also disposed of confidential documents in their home trash rather than through a secure document destruction process. Further, digital confidential information is potentially at risk due to the use of home Wi-Fi networks that may have fewer security controls compared to an office network. This decentralization invites more opportunities for data breaches and malicious actors.

As many businesses continue to use remote and hybrid work models, it is important that they consider the data security risks of at-home settings and put policies in place to help address them.

How Can Companies Take Steps to Protect Confidential Data?

Companies can employ a wide range of strategies to help reduce their chances of experiencing a data breach. Some of these actions include:

  • Identifying risks: Preventing a data breach starts with understanding how and where an organization is most vulnerable. Shred-it’s free risk assessment tool can help companies identify their potential physical data risks and create a plan to address them.
  • Prioritizing employee training: To help reduce the risk of employee-error-based breaches, companies should provide employees with data protection training during the onboarding process and regularly throughout the year.
  • Maintaining a clean desk policy: A clean desk policy requires employees to securely store sensitive paper and electronic information whenever they leave their office or at-home workspaces to help ensure that sensitive information is not available to others.
  • Using a secure document destruction service: Document destruction is one of the most effective ways to prevent a physical data breach. Shred-it's data destruction services are convenient and secure.

Learn more about how secure data destruction with Shred-it can help prevent data breaches.