2015 information security survey shows growing awareness among c-suite
executives, but ongoing complacency among small businesses
TORONTO, June 24, 2015 /CNW/ - This year's annual Shred-it Security
Tracker, shows a growing divide between large organizations and small
businesses when it comes to information security.
According to the study conducted by Ipsos Reid, c-suite executives have
not only recognized the real threat posed by data breaches, they've
taken concrete steps to improve their security policies and procedures.
For instance, 65 per cent of executives say they have protocols in
place for storing and disposing of confidential data, up from 42 per
cent in 2014. Moreover, large organizations are increasingly demanding
of their suppliers—45 per cent of large organizations require suppliers
have an information security policy in place and 41 per cent require a
security breach response plan.
While c-suite respondents have embraced information security, small
business owners have made very little headway in combating information
security threats with 37 per cent saying they don't have a protocol for
storing or disposing of confidential data. That not only puts the
confidential information of their employees and customers at risk, but
it also jeopardizes potential business opportunities. Companies without
basic information security protocols in place are essentially
disqualifying themselves from working with large organization that vet
"After five years of conducting this study it's good to finally see that
large organizations are investing in information security and demanding
that their suppliers do so as well," said Sarah Koucky, Vice President,
Security at Shred-it. "However, as small business continues to lag
behind their larger counterparts, they'll increasingly expose
themselves to not only theft and fraud, but severe financial
repercussions that would result in bankruptcy."
The security tracker also shows that large organizations are doing a
better job of training and auditing their employees—88 per cent say
their companies "frequently" or "sometimes" conduct audits versus 64
per cent in 2014, and 69 per cent say that they train their employees
on security protocols at least once per year, up from 43 per cent the
Compare that with small businesses. Only 56 per cent say they
"frequently" or "sometimes" conduct audits, and a shocking 36 per cent
say they have never trained their staff on information security
"The best way to improve security in an organization is to conduct
regular training and then test that training with frequent audits of
internal and external protocols," says Koucky. "Together, training and
testing ensure that policies and procedures are able to combat threats
as they emerge and limit exposure to the risk of fraud."
Auditing and training are only two of the ways small businesses can
improve their information security and better position themselves to
conduct business with larger Canadian organizations. There are many
simple steps that can help mitigate the risk of a costly data breach.
To better secure physical assets, businesses should:
Provide employees with filing cabinets that can be locked.
Eliminate unsecure recycling bins and provide secure shredding
containers for the secure destruction of documents.
Securely destroy old hard drives once they are no longer needed.
Use laptop locks that prevent physical theft.
To better secure digital information, businesses should:
Encrypt employee smartphones so that data is secure if phones are lost
Regularly update software to ensure security holes are patched.
Limit access to network folders with sensitive information.
Install anti-malware software on all computers and block access to risky
To instill a culture of security, businesses should:
Develop rules for proper document management that include storage and
Implement policies that describe the equipment, data and documents that
employees are and are not permitted to remove from the office.
Train all new employees on information security policies and procedures.
Tie adherence to information security policies to the performance review
Shred-it is a world-leading information security company providing
information destruction services that ensure the security and integrity
of our clients' private information. The company operates in 170
markets throughout 18 countries worldwide, servicing more than 400,000
global, national and local businesses. For more information, please
About Ipsos Reid
Ipsos Reid is Canada's market intelligence leader, the country's leading
provider of public opinion research, and research partner for loyalty
and forecasting and modeling insights. With operations in eight cities,
Ipsos Reid employs more than 600 research professionals and support
staff in Canada. The company has the biggest network of telephone call
centres in the country, as well as the largest pre-recruited household
and online panels. Ipsos Reid's marketing research and public affairs
practices offer the premier suite of research vehicles in Canada, all
of which provide clients with actionable and relevant information.
Staffed with seasoned research consultants with extensive
industry-specific backgrounds, Ipsos Reid offers syndicated information
or custom solutions across key sectors of the Canadian economy,
including consumer packaged goods, financial services, automotive,
retail, and technology & telecommunications. Ipsos Reid is an Ipsos
company, a leading global survey-based market research group. To learn
more, visit www.ipsos.ca.
About the 2015 Security Tracker:
Ipsos Reid conducted a quantitative online survey of two distinct sample
groups: small business owners in Canada (n=1,000), and C-suite
executives working for businesses in Canada with a minimum of 100
employees (n=101). This survey is considered accurate to within 3.5
percentage points had all small business owners been surveyed and to
within 11.2 percentage points had all C-suites been surveyed. The
fieldwork was conducted between April 20 and May 3, 2015.
Image with caption: ""Do your information security policies stand up?" (CNW Group/Shred-It International) (CNW Group/Shred-it)". Image available at: http://photos.newswire.ca/images/download/20150624_C9889_PHOTO_EN_43810.jpg
Image with caption: "Shred-it (CNW Group/Shred-it)". Image available at: http://photos.newswire.ca/images/download/20150624_C9889_PHOTO_EN_43811.jpg
For further information:
NATIONAL Public Relations (for Shred-it)
Janine Smith, 416-848-1709
PR & Communications Shred-it
Katarina Kristanic, 905-491-2250