Shred-it helps combat Office Security Breaches
Shred-it's 2016 Security Tracker shows that businesses are increasingly at risk due to human error and negligence. Shred-it's Andrew Lenardon spoke with 680News to discuss ways of combating this risk.
- Shred-it helps combat Office Security Breaches
To play the media you will need to either update your browser to a recent version or update your Flash plugin
Kris McCusker: Human error is seen as the biggest risk to information technology. That's the finding in the 6th annual Shred-it Security Tracker survey, which urges immediate action to help mitigate the risk. Andrew Lenardon is the Director of Global Accounts at Shred-it.
Andrew Lenardon: Canadian businesses see human error as a leading cause of information security breaches, but at the same time, few organizations are implementing training programs and establishing protocols to help their employees reduce that risk. And even though you may train your employees, you need to implement an auditing program to ensure that your employees are compliant with your policies. That's the proactive part that a lot of people miss.
KM: So what do you suggest?
AL: We advocate for a couple of things. One is a Shred All Policy. That's a program that helps reduce the risk of confidential information leaving the building in the recycling where it can be found by others. Another one is a Clean Desk Policy. A Clean Desk Policy encourages employees to clear their desks of all documents when they're away from their workstation for an extended period of time and thereby limit access to unauthorized persons. A third step that is pretty critical is disposing of obsolete hard drives in a physical manner. Physically destroying them. Unfortunately the process of wiping or degaussing doesn't really ensure that the data is inaccessible, so physical destruction, either shredding or punching them, is really the only safeguard.
KM: So you're taking a better safe than sorry mentality on this.
AL: Canadian businesses should take a minute to look at their business practices for handling confidential information and they should really be considering what would happen to their revenue if they did have an information breach and their customers became unsure of doing business with them.