Shred-it, an information destruction services firm, has released the results of its sixth annual Shred-it Security Tracker Survey. The results show that Canadian businesses believe human error poses the greatest risk to their information security systems, but few firms are attempting to combat those risks by implementing training programs or establishing protocols to help employees recognize issues.
According to the survey results, 41 per cent of Canadian C-Suite Executives find that employees’ lack of knowledge and human error during information security protocols are the biggest threats to their company in the future, and 47 per cent of small business owners agree. Yet, business owners are not prioritizing employee training and auditing on company information security procedures and industry legal requirements.
The findings also showed that 31 per cent of C-Suite executives say they train employees more than once per year on their industry’s legal compliance requirements, while 39 per cent of small business owners have never done so. Also, 39 per cent of small business owners have never trained employees on their company’s information security procedures, while 31 per cent only do it on an as-needed basis. 47 per cent of these small business owners only audit their policies every few years or less.
“With little training on information security procedures, employees are forced to make the decision as to what is and what isn’t considered confidential. Should they make an error in judgement, the organization can unintentionally be exposed to serious information security issues and the potential for fraud,” said Andrew Lenardon, Shred-it’s global director, in a press release. “To mitigate this uncertainty and help employees understand their roles and responsibilities for data management, business leaders must conduct frequent training and test that training with audits of internal and external protocols.”
Shred-it recommends businesses make training an ongoing process to keep employees’ attention on risks, ensuring information security policies and procedures are being followed. Only about half of the C-Suite Executives polled (57 per cent) and fewer than half of small business owners (43 per cent) have a protocol for disposing of or storing confidential paper data that is strictly adhered to by all employees. Meanwhile, 61 per cent of C-Suite Executives and 40 per cent of small business owners have a protocol in place for electronic devices that is strictly adhered to by everyone employed by the company.
“By failing to ensure employees understand and follow security policies, Canadian businesses are putting their organization and reputations at risk by exposing valuable customer, employee and business data,” added Lenardon. “Regular training and auditing not only mitigates the risk of data breaches caused by human error or lack of knowledge of security practices, but also serves as a helpful reminder to employees to follow policies. Training and auditing is a critical part of every information security plan and are vital in reducing data breaches.”
Shred-it suggests a few methods to help prevent information security breaches: shredding all paper documents (as 28 per cent of small business owners do) instead of letting employees decide what should and should not be shredded; instituting a clean desk policy requiring all employees to clear their desks and lock up documents when they leave their desk for an extended period of time; and destroying hardware by wiping hard drives in-house and then physically destroying them to ensure the information cannot be accessed in the future.