Fraud and information theft present serious risks to businesses of all sizes, yet recent research suggests that U.S. business leaders may underestimate the significant damage that a data breach can cause.
The 2016 Shred-it Security Tracker survey by Ipsos revealed that only 36 percent of U.S. C-Suite respondents recognize that lost or stolen data would have a serious impact on their organization. Equally concerning, over a third (34 percent) of Small Business Owners (SBO’s) believe a data breach would have no significant impact on their business.
In contrast, the survey found that 52 percent of global respondents from six countries understand that lost or stolen data would have a significant impact on their organization, with 24 percent recognizing that data breach would damage the organization’s credibility and reputation.
The reality is, a data breach is a real risk and can cause significant financial damage. In the U.S., there was an average of 29,611 breached records containing sensitive and confidential information, with each lost or stolen record costing an average of $221 in 2016. In addition to financial loss, a data breach can result in legal issues or worse, erode a business’ public reputation and customer loyalty.
Underestimating the implications of a data breach can lead business leaders to neglect information security protocols and cutback their investment in data protection, significantly increasing their risk of falling victim to fraud.
To mitigate the impact of fraud and protect valuable information, businesses should implement the following measures as part of a comprehensive approach to data security:
- Take this Fraud Risk Quiz to evaluate your risk of fraud, and identify areas where security protocols and procedures need to be improved.
- Implement a Shred-it All policy to remove any uncertainty by requiring all paper documents to be shredded. When destroyed by a certified vendor like Shred-it, all shredded paper is recycled, adding an environmental benefit to the policy.
- Introduce a Clean Desk policy to ensure that documents are securely stored in locked filing cabinets and discourage deskside recycling bins to reduce the risk of confidential data making its way out of the office.
- Don’t let old or unused devices pile up once no longer in use. Remove and destroy hard drives before selling or scrapping old devices to ensure that confidential data is irretrievable by potential fraudsters.
- Train mobile employees in information security policies and require that they take appropriate precautions when removing any data from the workplace. This includes not leaving hardware or materials in vehicles, encrypting phones and hard drives, and activating passwords on electronic devices to protect the confidential information stored on them.
Understanding the impacts of fraud, identifying organizational vulnerabilities and putting in place proper measures for data protection are the most valuable investments business leaders can make to protect against the significant financial, legal and reputational damage of data breach.
[su_box title=”About IFAW” style=”noise” box_color=”#336588″][short_info id=’97410′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.