CINCINATTI, OH. June 9, 2015 – The 5th annual Shred-it Security Tracker information security survey reveals that while c-suite executives have begun to prioritize information security by taking positive steps to invest in security policies and procedures, small business owners continue to fall significantly behind.
Marking a positive shift in behaviour compared to previous years, the 2015 Shred-it Security Tracker conducted by Ipsos Reid, found that 63 percent of c-suite executives surveyed in the US say they have a protocol for storing and disposing of confidential data that is strictly adhered to by all employees, up from 51 percent in 2014. However, small business owners saw little improvement with 37 percent of those surveyed responding they don’t have any security protocols in place.
Large businesses also take the threat of additional regulatory penalties more seriously than small businesses. In fact, 64 percent of c-suite respondents stated that they believe stricter penalties for not adhering to document destruction legislation would put pressure on their organizations to improve polices.
The average data breach costs US organizations upwards of $195 per record lost1 and legislation violation fines can cost as much as $50,000 - $100,0002. While a larger organization may be better able to absorb a large penalty, for a small business one breach could result in bankruptcy.
“Considering that c-suite executives are placing a greater priority on information security practices, small business owners need to examine their own policies to ensure they match those of their large scale counterparts,” said Sarah Koucky, Vice President, Security at Shred-it. “Online predators, inside sources and fraudsters will continue to target businesses and if the right policies and practices are not in place, small businesses will be the ones to fall victim.”
The security tracker also shows that even when they have protocols in place small businesses are falling behind in auditing themselves. For example, only 27 percent of small business owners say they audit on a frequent bases, compared to 69 percent of c-suite execs who say the same. In fact, one quarter of small business owners never audit information security procedures and protocols.
Shred-it offers the following tips to help both small and large organizations safeguard their business information:
Demonstrate a top-down commitment from management to the total security of your business and customer information
Implement formal information security policies; train your employees to know the policies well and follow them strictly
Eliminate potential risk by introducing a “shred-all” policy; remove the decision-making process regarding what is and isn’t confidential
Conduct a periodic information security audit
Introduce special locked containers instead of traditional recycling bins for disposing of confidential documents
Don’t overlook hard drives on computers or photocopiers. Erasing hard drives does not mean data is destroyed. Physical hard drive destruction is proven to be the only 100% secure way to destroy data from hard drives
- 30 -
Shred-it is a world-leading information security company providing information destruction services that ensure the security and integrity of our clients' private information. The company operates in 170 markets throughout 18 countries worldwide, servicing more than 400,000 global, national and local businesses. For more information, please visit www.shredit.com.
Ipsos Public Affairs
Ipsos Public Affairs is a non-partisan, objective, survey-based research practice made up of seasoned professionals. We conduct strategic research initiatives for a diverse number of American and international organizations, based not only on public opinion research, but elite stakeholder, corporate, and media opinion research.
Ipsos has media partnerships with the most prestigious news organizations around the world. In Canada, the U.S., UK, and internationally, Ipsos Public Affairs is the media polling supplier to Reuters News, the world's leading source of intelligent information for businesses and professionals. Ipsos Public Affairs is a member of the Ipsos Group, a leading global survey-based market research company. We provide boutique-style customer service and work closely with our clients, while also undertaking global research. To learn more visit: www.ipsos-na.com
About the 2015 Security Tracker:
Ipsos Reid conducted a quantitative online survey of two distinct sample groups: small business owners in Canada (n=1,000), and C-suite executives working for businesses in Canada with a minimum of 100 employees (n=101). This survey is considered accurate to within 3.5 percentage points had all small business owners been surveyed and to within 11.2 percentage points had all C-suites been surveyed. The fieldwork was conducted between April 20 and May 3, 2015.
NATIONAL Public Relations (for Shred-it)
Sr. Manager, PR & Communications Shred-it
1. Ponemon 2014 Cost of a Data Breach Study