Shred-it has released its 2015 State of the Information Security Industry report and while larger organizations are finally investing more heavily in policies and employee training, there are still some disturbing trends in data security too.
The annual report is based on the Shred-it Information Security Tracker survey, an Ipsos Reid research study done in the United States, Canada, the United Kingdom, Germany and Australia.
What are trends that need to be addressed?
- Small businesses are in big trouble.
The report showed that small businesses are lagging behind large corporations in document security protocols. For example, 63% of American c-suite executives have a protocol for storing and disposing of confidential data compared to 46% of small business owners. While 78% of large businesses provide staff training on information security policies and procedures at least once a year, only 29% of small businesses do.
- Compliance is a moving target.
Privacy laws are constantly changing. In 2015, President Obama introduced a Consumer Privacy Bill of Rights Act and at least 32 states introduced or are looking at security breach notification laws. In Canada, the Digital Privacy Act (DPA) was passed. To keep information security policies aligned with legislation, appoint someone to be responsible for keeping up-to-date on privacy laws and legislation.
- The sheer volume of data today is daunting.
Big data requires a shift in traditional data processing and protection. What’s important is that “business leaders no longer consider information security policies and procedures ‘good-to-have’ but rather a mandatory requirement and strategic business investment”, said the report. An information security plan should include comprehensive Document Management that protects confidential data from creation through storage and destruction. Standardize best practices by implementing a Clean Desk Policy and a Shred-all Policy.
- The fall-out from a data breach can destroy a business.
A data breach has significant financial, reputational, legal, and operational consequences. For example, the average cost of a lost or stolen record is up to $217, and legislation violation fines range up to $100,000. Information should be a priority at every level in a business starting at the board level. Have a breach response plan at the ready.
- Cyber threats are constant and more sophisticated than ever.
In today's connected world, cybersecurity has become a priority for individuals and organizations.Regularly review and update cybersecurity policies.The report showed 85% of American c-suite executives have a cybersecurity policy compared to 37% of small businesses.
- Old habits die hard.
Some companies still use open recycling bins for paper documents, and 37% of U.S. businesses in the survey have never disposed of hard drives, USBs and other hardware. But all information – whether it is in paper form or digital form – must be securely destroyed when it is no longer needed. Partner with a reliable document destruction company that provides secure shredding of paper documents and hard drive and e-media destruction.
Download a full version of the 2015 Shred-it State of the Industry Report.