U.S. business leaders are unprepared for the increased threat to information security that comes with flexible office environments, according to the 2016 Shred-it Security Tracker information security survey. The study shows that leaders are not providing the protocols and training needed to ensure customer and competitive information remains secure in a mobile work environment.
With the number of mobile workers in the US expected to reach 105 million by 20201, more workers are using the tools of the modern workforce, including laptops, USBs and cloud storage to connect outside the traditional office environment. The 2016 Security Tracker shows that the majority of C-Suite Executives (92%) and just over half of small business owners (SBOs) (58%) have at least some employees using a flexible/offsite working model. Yet, only 31% of C-Suite Executives and 32% of SBOs said they have an information security policy for both off-site work environments and flexible working areas in place.
“Without ongoing training and comprehensive policies for remote and flexible workplaces, businesses are at risk,” says Andrew Lenardon, Global Director, Shred-it. “Although employees want increased flexibility and the ability to work remotely, business leaders must ensure that the right information security and training protocols are in-place to protect confidential customer and business data.”
Policies and procedures governing the secure storage and destruction of mobile devices are essential in an organization’s information security policy. While larger U.S. organizations have incorporated this as part of their overall efforts, small businesses have room to improve how they are destroying and storing digital data.
SBOs are more likely to wipe/degauss electronic devices in-house (37%), risking inadvertently exposing the confidential data stored on the hard drive when the device is sent to be recycled or reused. In contrast, their C-Suite counterparts follow the best practices for data destruction and almost half (47%) use a professional destruction service to dispose of their unneeded electronic material.
Regularly destroying hardware is another important part of device management as legacy hardware stockpiled and stored in the office is a risk for theft. However, 60% of SBOs only dispose of hard drives, USBs, and other electronic devices containing confidential information less than once a year or never. Comparatively, a majority of C-Suite Executives (76%) indicate their businesses destroy hardware every two to three months – or more frequently.
“The only proper way to protect information is to physically destroy the hard drive – simply wiping the device does not ensure sensitive information is completely removed,” says Lenardon. “Implementing security policies that address how digital devices are stored and destroyed is vital for any sized organization to help address the additional risks associated with mobile working.”
While C-Suite Executives are focused on electronic device and data destruction, they must not become complacent with the storage and destruction of paper documents as their employees are no longer tied to the traditional office. Approximately 46% of C-Suite Executives report having a protocol for destroying confidential documents adhered to by all employees – a dramatic drop from 2015 where 63% of C-Suite Executives reported having a protocol in place adhered to by all employees.
To help businesses of all sizes ensure their corporate policies and training around data protection and security keep pace with the evolving work environment, Shred-it is providing seven simple workplace guidelines:
- Remind employees not to leave hardware or materials in vehicles, hotels, coffee shops or elsewhere.
- Limit the type of documents that employees can remove from the office, as there is no way to ensure data is secured when outside of the company’s control
- Encrypt all phones and hard drives, and activate passwords on electronic devices.
- Perform a regular cleaning of storage facilities and avoid stockpiling obsolete electronic devices
- Destroy all unused hard drives using a third-party provider who has a secure chain of custody and confirms destruction.
- Regularly review your organizations information security policy to incorporate new and emerging forms of electronic media.
- Schedule on-going training so employees understand best practices for protecting confidential information – in and out of the workplace.
As workforces become more mobile, C-Suite Executives and Small Business owners face similar challenges when it comes to protecting sensitive data. To mitigate the increased risk of an increasingly mobile workforce, businesses of all sizes must be proactive in introducing protocols and training to keep employee, customer and company data safe.
Every year, Shred-it develops the State of the Industry Report to highlight common Information Security trends and emerging challenges based on the Security Tracker’s key findings. Now in its fifth year this report provides comprehensive insights and tips on how businesses can protect and mitigate risks when it comes to information security. Download the current report to learn more about information security trends, as well as ways in which businesses, large and small, can protect their data.
1
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.