Employee training plays a critical role in combating flawed and inaccurate information
OAKVILLE, ON, July 19, 2016 /CNW/ - Commonly held myths about information security can lead to a potential data breach and ultimately have a big impact on a company's bottom line and reputation. However, these breaches can be avoided when businesses provide their employees with the right training and tools to separate fact from fiction and responsibly manage confidential information.
A recent study shows that 25 per cent of data breaches in the past year were caused by human error1, yet according to the 2016 Shred-it Security Tracker information security survey conducted by Ipsos earlier this year, only 31 per cent of Canadian C-Suite respondents say they train employees more than once a year on how to remain compliant with their industry's legal requirements for the storage and destruction of confidential information. Results are similar on the small business front, with 39 per cent of Canadian small business owners reporting that they never train employees on how to remain compliant with legal requirements or company information security procedures and 31 per cent only conduct training on an ad-hoc or as-needed basis.
"Without training and education on how to safely manage, store and destroy confidential information employees may be unaware of their responsibilities and how their actions can open their business or customers to fraud," said Andrew Lenardon, Global Director at Shred-it International. "Businesses need to help their teams become more aware of the risks associated with mishandling confidential information to avoid penalties, fines or damages to their reputation caused by poor information security practices."
Shred-it sets the facts straight on 7 common information security myths:
Myth 1: Erasing data from a hard drive completely removes the information.
Fact: Simply deleting confidential electronic records does not ensure the data stored on the hard drive is completely gone. The only way to ensure confidential information is protected is to remove and destroy the hard drive before the device is resold, recycled or disposed.
Myth 2: It is safe to dispose of confidential information, as long as the paper is torn into little pieces.
Fact: Torn paper can easily be removed from an unsecure bin and pieced back together. Organizations should have locked disposal consoles and require all documents to be shredded. Implementing a Shred-it All policy eliminates the guesswork of what is and isn't confidential and ensures employees don't accidentally leave confidential information in an unsecure bin. In addition, shredding also has an environmental benefit because all shredded paper is recycled.
Myth 3: You can confidentially enter personal information on a website if you recognize the source or the sender that sent you the link.
Fact: Scam emails are often designed to look real and may insist that personal or corporate information is needed2. Business or personal information should never be entered into a link from an email, even if the site appears credible. Experts recommend typing the website in directly or navigating to it via bookmarks.
Myth 4: You can use your own smart phone or another device at work, as long as it is password protected.
Fact: Though it's common practice for employees to use their own devices for work, personal devices can create a number of security-related issues. Even if they are password protected, all devices should be encrypted to protect the confidential information stored on them. Bring your own device (BYOD) security programs should also be in place to protect the pathway from the personal device to corporate systems.
Myth 5: Keeping material on my desk at work is safe.
Fact: Untidy work stations pose a threat because loose paperwork on desktops can be vulnerable to snooping and data theft. Organizations should implement a Clean Desk policy and require all documents to be stored in locked filing cabinets when employees are away from their desks.
Myth 6: Messages on smart phones or laptops are private.
Fact: Visual hacking of information on mobile devices can occur almost anywhere. Organizations should provide employees with privacy screens for laptops, tablets and other mobile devices to keep confidential information safe from prying eyes.
Myth 7: Public Wi-Fi is safe if it is password protected.
Fact: Even when password protected, shared or public internet connections can still expose valuable information to data thieves and hackers. Never use public Wi-Fi for sensitive work information. Organizations should establish policies that encourage employees to connect only to trusted networks for work purposes.
Without the right training on how to work with confidential information, employees may be unaware of their responsibilities and the security risks their actions can bring to the business. By debunking myths and banishing information security bad habits, organizations will be better able to protect their customers, their reputation and their people.
For more information on how to mitigate the risk of human-error related fraud visit the Shred-it Resource Centre or download our Infographic.
Shred-it is a world-leading information security company providing information destruction services that ensure the security and integrity of our clients' private information. A wholly, owned subsidiary of Stericycle, Shred-it operates in 170 markets throughout 18 countries worldwide, servicing more than 400,000 global, national and local businesses. For more information, please visit www.shredit.com.
1 Ponemon 2016 Cost of a Data Breach Study: Canadian Page 2
2 Canada Revenue Agency – Protect yourself against fraud
Image with caption: "Break Your Information Security Bad Habits! (CNW Group/Shred-it)". Image available at: http://photos.newswire.ca/images/download/20160719_C5458_PHOTO_EN_736667.jpg
Image with caption: "Shred-it (CNW Group/Shred-it)". Image available at: http://photos.newswire.ca/images/download/20160719_C5458_PHOTO_EN_736661.jpg
For further information: Lauren Poplak, NATIONAL Public Relations (for Shred-it), T: 416-848-1378, E: firstname.lastname@example.org; Katarina Kristanic, Director, PR & Communications Shred-it, T: 905-491-2250, E: email@example.com