C-Suite Executives Lead the Information Security Race in America
Demonstrating a positive shift in behavior compared to previous years, the 5th annual Shred-it Security Tracker revealed that c-suite executives have not only recognized the real threat posed by data breaches, they’ve also taken concrete steps to improve their security policies and procedures.
In contrast, small business owners have made very little headway in combating information security risks, demonstrating a growing divide between large organizations and small businesses when it comes to information security.
For instance, 63 percent of executives say they have protocols in place for storing and disposing of confidential data that is strictly adhered to by all employees, up from 51 percent in 2014. Comparatively, less than half (46 percent) of small businesses say they have protocols in place for storing and disposing of confidential data that is strictly adhered to by all employees and a shocking 37 percent have no protocol in place at all.
The security tracker also shows that even when they have protocols in place, small businesses are falling behind in auditing, which is vital for ensuring that policies and procedures are able to combat threats as they emerge. For example, only 27 percent of small business owners say they audit on a frequent basis, compared to 69 percent of c-suite execs who say the same. In fact, one quarter of small business owners never audit their information security procedures and protocols.
When you consider that a data breach costs US organizations an average of $217 per record lost and that fines for violating legislation can cost as much as $50,000 – $100,000, an information security breach can result in significant financial damage for any organization.1,2 While a larger company may be better able to absorb a large penalty, one breach for a small business could result in bankruptcy. Small business owners must understand that online predators, inside sources and fraudsters will continue to target businesses, and if they continue to lag behind their larger counterparts, they’ll increasingly expose themselves to theft, fraud, and severe financial repercussions that may result in bankruptcy.
For more results from the Shred-it 2015 Security Tracker visit our Resource Center.
1. Online Predators and Digital Security
As organizations refresh computer hardware and digital storage, they are faced with the issue of what to do with their obsolete IT assets. Proper disposal and destruction of hard drive storage devices is important not only to keep confidential information safe, but also to keep organizations compliant with laws and legislations regarding the storage and disposal of Personal Health Information and Personal Identifying Information.

US Federal Privacy legislations, such as the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) and the Gramm-Leach-Bliley Act (GLB), all set out ground rules for the collection, storage, use, disclosure and destruction of personal information — whether it be health information or consumer data held by financial institutions. All three acts require personal information be disposed of in a way that prevents a privacy breach and that before disposing of electronic devices — such as computers, photocopiers and cellphones — organizations must ensure that all personal information is physically destroyed.3
The most effective way to verify that confidential data found on these devices is completely gone and not susceptible to a privacy breach is to securely destroy the hard drive before disposing of it.
However, the 2015 Shred-it Security Tracker revealed that 37 percent of American businesses surveyed have never disposed of hard drives, USBs or other hardware that contains confidential information.4 That translates into a lot of organizations that are not only risking the personal and confidential information of their customers and employees, but also risking their compliance with privacy legislation.
A data breach has many consequences – financial loss, reputational damage and also legal repercussions. It is critical that organizations protect confidential information by removing and destroying unused hard drives.
For simple workplace guidelines designed to safeguard hard drives visit the Shred-it Resource Center.
2. Data Breach Roundup
The first step in fixing a problem is knowing that it exists. In each edition we feature a high profile data breach to show businesses how they can mitigate similar risks.
This quarter we’re featuring Montefiore Medical Center.
Montefiore Medical Center: Recently, Montefiore Medical Center was forced to notify patients that a security incident had occurred when a former employee stole the private information of 12,517 individuals, including names, addresses, dates of birth, social security numbers, next of kin information and health insurance details. The employee has since been arrested and is being prosecuted for the crime.
What do you do: Internal breaches continue to be a significant threat to businesses across North America, with 50 percent of US organizations reporting that the most serious economic incidents of fraud were more likely perpetrated by internal sources.5 Unfortunately, businesses all too often overlook areas of vulnerability within their workplace, placing their confidential information at risk of a data breach. However, there are concrete actions business leaders can take to lower the risk of fraud and become more secure, including:
- Implementing a clean desk policy: Without a clean desk policy or lockable storage units for employees to protect confidential information, any paperwork is vulnerable to snooping and data theft, and available to outside staff such as cleaners and building maintenance.
- Revisit and assess existing policies: The best way to improve security in an organization is to conduct frequent audits to ensure that policies and procedures are able to combat threats as they emerge.
- Don’t allow non-secure recycling bins and wastepaper baskets: Disposing information in an unsecure bin is just as risky as leaving it at a printer or on a desk. A shred-all policy ensures that employees don’t accidentally leave confidential information in unsecure bins. A third-party provider will also ensure that the material is recycled.
- Secure printers: Many offices do not require employees to use a security code to complete a print job, which means that confidential information is frequently printed and left at printing stations.
3. Customer Connections
Shred-it’s most important relationship is with its customers, which is why Shred-it Partners are trained to provide top level customer service and expertise. In each edition we highlight a Shred-it Partner that went above and beyond to provide exceptional customer service.
Elisha Glick, CISP
District Office Supervisor, Shred-it, Northern California & Hawaii
“Treat others like you want to be treated” is an old adage that continues to drive Elisha Glick’s commitment towards customer service. Often going above and beyond to address the concerns of her customers, Elisha approaches each call she receives with an unsurpassed level of professionalism and respect, relying on her experience to find the right solution for any customer concern.
Elisha credits her Shred-it colleagues and management team for inspiring her commitment to customer service.
“My heartfelt thanks again for your due diligence…Let me finish by saying that professionals like you, who really care, make a whole lot of difference in the business and that is why they appointed you district office supervisor, because you simply care!”
— Fernando Silva, Kine Med
Shred-it commends Elisha on her professionalism and willingness to go above and beyond to help a customer. Way to go Elisha!
For more tips on improving information security, please visit the Shred-it Resource Center at shredit.com/resource-center.
You can also stay informed with Shred-it on Facebook and LinkedIn or follow us on Twitter @Shredit.
1. Ponemon Institute LLC/IBM, 2015, Cost of a Data Breach Study: United States
2. American Medical Association – HIPAA Violations and Enforcement
3. Shred-it, 2015, Privacy Protection: Your Guide to Privacy Law Compliance
4. Ipsos Public Affairs/Shred-it, 2015, Shred-it’s 5th Annual Security Tracker: C-Suite Executives Lead the Information Security Race in America
5. PWC, 2014 Global Economic Crime Survey US Edition