Businesses not fully implementing infosec programs

Many U.S. small businesses are taking a passive approach when it comes to protecting their data leaving themselves vulnerable to data loss and possible financial and reputational damage.

Small businesses do not fully comprehend the impact a data breach could have and as a result, are not safeguarding sensitive information as thoroughly as they should, according to Shred-it.

The 2013 Shred-it Information Security Tracker indicates that an alarming number of small businesses (69 percent) are not aware or don’t believe data being lost or stolen would result in financial impact and harm to their businesses credibility.

This false sense of security is putting businesses at risk. In fact, the study found that:

• Forty per cent of small business owners have no protocols in place for securing data, a five percent increase from last year.
• More than 1/3 of the small business report that they never train staff on information security procedures.
• Forty eight per cent have no one directly responsible for management of data security.
• Only 18 per cent would encourage new data privacy legislation requiring stricter compliance and penalties to information security threats.

“As we celebrate National Small Business Week, we’re urging companies to be vigilant when it comes to information security,” said Mike Skidmore, Privacy & Security Officer, Shred-it. “We have seen a consistent increase in small businesses without security protocols in place and a crucial first step for practicing effective information security is improving awareness of policies and procedures. Organizations face a lot of risks, but enforcing sensitive data safeguarding as a company-wide practice will potentially avert both significant financial and reputational damage.”

It is crucial that businesses of all sizes take proactive steps to protect against data breaches. The 2013 Security Tracker found that more C-suite executives (12 percent) reported financial losses of more than $500,000 due to data breaches this year than in previous years; yet, 23 per cent of the C-suite executives surveyed do not believe a data breach will impact their business.

At the same time, while awareness of legal requirements among C-suite executives was up four percent from 2012, only 16 per cent report training employees on protocol twice a year, down 11 per cent from 2012.

In today’s global business climate, businesses small and large are operating in increasingly expansive supply chains, outsourcing services to various vendors and sharing sensitive information to facilitate business transactions. As touch points in the supply chain increase, so does risk and businesses need to hold each other to a higher security standard. All it takes is one breach for many reputations to be damaged.

With that in mind, U.S. companies should consider re-evaluating the risks associated with sharing data with members of their supply chain. Do these partners also demonstrate a commitment to information security? By creating a far-reaching information security policy that encompasses business partners and suppliers, companies can do a more effective job of protecting the confidential data of all Americans.

Companies looking to put an information security policy and process in place are urged to apply for a free risk assessment service by a trained and background checked Shred-it representative. An online risk assessment survey is also available on the website. This will help you to determine how you are managing confidential information and the information destruction process. Having a system in place will better protect the overall business supply chain against the impact of a data security breach.