March 23, 2023

Plug the Gap: A Comprehensive Data Security Program

As businesses navigate complex data challenges, identifying gaps in data protection programs is critical. Much attention in the public and media focuses on digital data breaches, but only investing in digital security measures can leave an organization vulnerable to other forms of information fraud and theft. The 2022 Shred-it® Data Protection Report (DPR) found that when it comes to physical security risks (printed materials, computers, and hard drives), only 27% of small business leaders (SBLs) surveyed regularly collect and destroy sensitive materials, yet they incorporated the following digital data security tactics: anti-virus programs (40%), two-factor authentications (25%), automated security defenses (24%), and frequent updates to software (28%). Organizations should prioritize physical and digital data protection measures to best protect from potential breaches.

The Importance of Physical Document Destruction

According to a Verizon 2021 report, physical breaches accounted for 43% of breached assets. Threats to physical assets can be found in and out of the office and can come from outsiders or trusted employees. Physical document and asset destruction, such as professional paper shredding and destroying hard drives, can help protect your business from malicious outsiders who may resort to dumpster diving to find confidential information. It can also help protect against malicious insiders who can take documents from print stations, off desks, and out of the trash or recycling bins. They can also steal physical materials, including USB keys, old hard drives, and other discarded electronic devices that still contain private data. 

Unique Challenges for Small Businesses

Any business can find it difficult to protect confidential materials, but small businesses face unique challenges in fighting fraud. In addition to potentially having fewer anti-fraud controls, they may also have fewer staff members, making it harder to dedicate a specific individual or group to data security protection.

What Businesses Can Do

Balance Physical and Digital Security

In the 2022 DPR, businesses surveyed reported the following tactics for simultaneously helping physical and digital security: limiting sharing data with third parties (28%), providing data protection and awareness training (27%), conducting vulnerability assessments (23%), implementing record retention and destruction policies (23%), and establishing incident response plans (20%).

Implement Anti-Fraud Controls

In the Occupational Fraud 2022: A Report to the Nations, which examined over 2,000 cases of fraud in 133 countries, the presence of anti-fraud controls was associated with lower fraud losses and quicker fraud detection. Examples of these controls include external audits of financial statements, having a code of conduct, and implementing a hotline. The report also showed that a lack of internal controls was the most common control weakness for both staff-level employees (34%) and mid-level managers (29%) surveyed. Staying on top of data security and anti-fraud efforts is critical.

Use a Third-Party Data Protection Partner

Small businesses may not have the capacity for designated data security employees, so it could be beneficial to enlist the services of trusted third-party providers that can assist with implementing and executing a comprehensive data security program that considers physical and digital data protection.

Download our infographic to learn what actions small business leaders are taking to keep sensitive data safe and learn more about how Shred-it® can help protect your business' confidential information with secure document and hard drive destruction.

Get the Infographic