The COVID-19 pandemic and 2020 events created unique conditions for information security – for both individuals and organizations. Shred-it’s 2020 Data Protection Report
recaps the past year and provides insight into where information security trends may be moving in 2021. One of the most compelling statistics in the report states that 83% of consumers prefer to support businesses that prioritize protecting their data. Data security must be a significant focus for organizations to engage customers, retain employees, and maintain a positive reputation.
Remote Workers in Home Office Environments Are Under Attack
Data risks present widespread concerns that continue to grow, especially with the past year’s challenges. According to the recent Bitdefender Report
, 60% of all emails received in the early months of the pandemic were fraudulent and ransomware threats increased 715% compared to 2019. Security threats are widespread, including viruses, adware, spyware, phishing, denial-of-service attacks, malware, ransomware, and data breaches – and the list goes on. Something as seemingly benign as an email that seems to be from HR may actually be a malicious phishing attempt. With a simple click of a link that appears legitimate, an employee has the potential to compromise your organization’s security.
Remote workers are especially under attack from phishing emails and social engineering scams that have increased significantly over the past year. As noted in Shred-it’s 2020 Data Protection Report, 64% of employees report such cyber threats, and 11% fell victim to a cyberattack. Also, data breaches continue to threaten organizations, with 43% of C-suite business leaders reporting a data breach. The response to workplace scams or data breaches is more challenging to handle remotely. Research conducted by the Ponemon Institute
shows 76% of respondents agree that a remote work environment would increase the time to identify and contain a data breach.
Employee education and training will increase employee awareness of these threats, but strong security best practices must be in place – and followed carefully – across any and every work environment. Implementation of antivirus software, strong passwords and two-factor authentication, intrusion detection/prevention, and account lockout policies will minimize your risk and mitigate damage from an attack.
Improper Disposal of Confidential Documents High Amongst Remote Workers
Protecting confidential information remains critical, especially given a more remote-based workforce. Before the COVID-19 pandemic, organizations reported up to 77% of employees regularly worked off-site. Now that remote workspaces are the new normal, and many businesses are operating in a decentralized work environment, improved security policies are essential for the safe disposal of confidential information.
While paperless may still be a lofty vision, many organizations try to limit paper consumption to reduce waste and increase operational efficiencies. However, habits and personal preferences often dictate document usage. Especially when working from home, 75% of employees print work-related documents in their home office setting. Organizations need to ensure policies meet secure storage and disposal of all documents, whether paper or electronic. Statistics from the 2020 Data Protection Report state that 8% of employees dispose of documents in the trash, and only 15% hold them for workplace disposal. These numbers cause concern for any business leader and indicate that document disposal security is an immediate necessity.
Optimal use of paper and electronic documents should be a part of your organization’s standard workflow processes. With a clear Documentation Destruction Policy
, your organization can protect sensitive information in any work setting. In addition to policies and processes focused on document disposal, critical components to compliance include employee training and access to shredding capabilities.
Implementation of Stronger Laws and Regulations
State and federal regulatory agencies continue to voice concern on data integrity and compliance, especially after such a disruptive year. Significant new privacy laws are in place and we anticipate a trend that privacy and data security will see even stricter regulations. Recently, the California Attorney General proposed modifications to the California Consumer Privacy Act
(CCPA) regulations and Maine’s new internet privacy law is now in effect.
Lack of awareness of regulatory changes and data protection complacency are significant risks to any organization. A lack of focus on employee training
should shift to a culture of security and privacy compliance to minimize risk. Start the new year with a more vigilant approach to security best practices. Focus on reducing security challenges through the evaluation of current information security protocols. Existing policies should include clean desk policies, secure document shredding, and appropriate media destruction protocols, to name a few.
But the establishment of policies and protocols is just the first step. 24% of C-suite leadership and half of small businesses report their organization does not have regular employee training on information security. With proper employee training, data security awareness can significantly reduce human error and accidental data loss. A proactive approach to the standardized implementation of data security protocols is essential to strict adherence and consistent organizational data security.
Learn more about current information security best practices and how Shred-it can help you support information security for your organization