2015 information security survey shows growing awareness among c-suite executives, but ongoing complacency among small businesses
TORONTO, June 24, 2015 /CNW/ - This year's annual Shred-it Security Tracker, shows a growing divide between large organizations and small businesses when it comes to information security.
According to the study conducted by Ipsos Reid, c-suite executives have not only recognized the real threat posed by data breaches, they've taken concrete steps to improve their security policies and procedures. For instance, 65 per cent of executives say they have protocols in place for storing and disposing of confidential data, up from 42 per cent in 2014. Moreover, large organizations are increasingly demanding of their suppliers—45 per cent of large organizations require suppliers have an information security policy in place and 41 per cent require a security breach response plan.
While c-suite respondents have embraced information security, small business owners have made very little headway in combating information security threats with 37 per cent saying they don't have a protocol for storing or disposing of confidential data. That not only puts the confidential information of their employees and customers at risk, but it also jeopardizes potential business opportunities. Companies without basic information security protocols in place are essentially disqualifying themselves from working with large organization that vet their suppliers.
"After five years of conducting this study it's good to finally see that large organizations are investing in information security and demanding that their suppliers do so as well," said Sarah Koucky, Vice President, Security at Shred-it. "However, as small business continues to lag behind their larger counterparts, they'll increasingly expose themselves to not only theft and fraud, but severe financial repercussions that would result in bankruptcy."
The security tracker also shows that large organizations are doing a better job of training and auditing their employees—88 per cent say their companies "frequently" or "sometimes" conduct audits versus 64 per cent in 2014, and 69 per cent say that they train their employees on security protocols at least once per year, up from 43 per cent the previous year.
Compare that with small businesses. Only 56 per cent say they "frequently" or "sometimes" conduct audits, and a shocking 36 per cent say they have never trained their staff on information security protocols.
"The best way to improve security in an organization is to conduct regular training and then test that training with frequent audits of internal and external protocols," says Koucky. "Together, training and testing ensure that policies and procedures are able to combat threats as they emerge and limit exposure to the risk of fraud."
Auditing and training are only two of the ways small businesses can improve their information security and better position themselves to conduct business with larger Canadian organizations. There are many simple steps that can help mitigate the risk of a costly data breach.
To better secure physical assets, businesses should:
- Provide employees with filing cabinets that can be locked.
- Eliminate unsecure recycling bins and provide secure shredding containers for the secure destruction of documents.
- Securely destroy old hard drives once they are no longer needed.
- Use laptop locks that prevent physical theft.
To better secure digital information, businesses should:
- Encrypt employee smartphones so that data is secure if phones are lost or stolen.
- Regularly update software to ensure security holes are patched.
- Limit access to network folders with sensitive information.
- Install anti-malware software on all computers and block access to risky sites.
To instill a culture of security, businesses should:
- Develop rules for proper document management that include storage and disposal.
- Implement policies that describe the equipment, data and documents that employees are and are not permitted to remove from the office.
- Train all new employees on information security policies and procedures.
- Tie adherence to information security policies to the performance review process.
Shred-it is a world-leading information security company providing information destruction services that ensure the security and integrity of our clients' private information. The company operates in 170 markets throughout 18 countries worldwide, servicing more than 400,000 global, national and local businesses. For more information, please visit www.shredit.com.
About Ipsos Reid
Ipsos Reid is Canada's market intelligence leader, the country's leading provider of public opinion research, and research partner for loyalty and forecasting and modeling insights. With operations in eight cities, Ipsos Reid employs more than 600 research professionals and support staff in Canada. The company has the biggest network of telephone call centres in the country, as well as the largest pre-recruited household and online panels. Ipsos Reid's marketing research and public affairs practices offer the premier suite of research vehicles in Canada, all of which provide clients with actionable and relevant information. Staffed with seasoned research consultants with extensive industry-specific backgrounds, Ipsos Reid offers syndicated information or custom solutions across key sectors of the Canadian economy, including consumer packaged goods, financial services, automotive, retail, and technology & telecommunications. Ipsos Reid is an Ipsos company, a leading global survey-based market research group. To learn more, visit www.ipsos.ca.
About the 2015 Security Tracker:
Ipsos Reid conducted a quantitative online survey of two distinct sample groups: small business owners in Canada (n=1,000), and C-suite executives working for businesses in Canada with a minimum of 100 employees (n=101). This survey is considered accurate to within 3.5 percentage points had all small business owners been surveyed and to within 11.2 percentage points had all C-suites been surveyed. The fieldwork was conducted between April 20 and May 3, 2015.
Image with caption: ""Do your information security policies stand up?" (CNW Group/Shred-It International) (CNW Group/Shred-it)". Image available at: http://photos.newswire.ca/images/download/20150624_C9889_PHOTO_EN_43810.jpg
Image with caption: "Shred-it (CNW Group/Shred-it)". Image available at: http://photos.newswire.ca/images/download/20150624_C9889_PHOTO_EN_43811.jpg
For further information: