New survey finds document security practices not measuring up to rise in paper use
CINCINNATI, OH – The seventh annual Shred-it Information Security Tracker Survey, conducted by Ipsos, reveals that with the move towards a “paperless” office, U.S. businesses are not prioritizing the management of confidential information in all forms.
Even with the evolution of a mobile and increasingly digital workforce, paper documents continue to be a core component of office life. According to the 2017 Security Tracker survey, 39 percent of C-Suite Executives (C-Suites) anticipate an increase in the volume of paper their organization will use over the next year and 52 percent of Small Business Owners (SBOs) anticipate the volume of paper to stay relatively the same. Despite this, SBOs demonstrate a lack of understanding of the vulnerabilities a lingering paper trail can create within their organization.
“Whether it be on lingering paper documents or electronic devices, properly disposing of or securing sensitive information is the best way for a business to protect their customers, their reputation and their people,” says Kevin Pollack, Senior Vice President, Shred-it. “Companies of all sizes need to start taking proactive measures to ensure their employees are trained on destruction procedures, that sensitive information is stored securely, and that they’re mitigating information security threats by disposing of paper and electronic devices in a timely fashion.”
The Security Tracker survey reveals that 32 percent of SBOs believe that the loss or theft of documents would cause no damage to their organization and 31 percent think a data breach wouldn’t significantly impact their business. Their actions reflect a lack of concern – 39 percent of SBOs have no policy in place for storing and disposing of confidential paper documents and just under half (49 percent) shred all documents, regardless of whether considered confidential or not. Additionally, only a small percentage (13 percent) have a locked console in the office and use a professional shredding service to destroy confidential documents.
Unlike their smaller counterparts, most larger U.S. organizations have implemented policies that address confidential data in all forms. However, their practices continue to leave the door open for fraud, especially when it comes to the secure storage and destruction of electronic devices and hard drives. Although 96 percent of large businesses have a policy in place to store and destroy electronic devices, fewer C-Suites than ever before are disposing of electronic devices on a regular basis. The percentage of C-Suite respondents who dispose of electronic devices, including hard drives, on a quarterly basis or more frequently has gone down from 76 percent in 2016 to 57 percent in 2017.
Ultimately, these security shortfalls have led to a lack of confidence in both small and large businesses. Confidence in current secure destruction systems for both paper and electronic media is low, with 43 percent of C-Suites and 46 percent of SBOs reporting that they feel less than very confident. Additional factors contributing to low confidence may include a lack of employee knowledge of the legal requirements in their industry, or a lack of training on company policies for the disposal, destruction, and storage of confidential and non-confidential information. In fact, only about half of all C-Suites (51 percent) train their employees on legal requirements at least twice a year and 36 percent of SBOs never train their employees at all – highlighting the need for more robust training within businesses both large and small.
Additional Key Information Security Tracker Findings Include:
Real Estate:
- When asked to rate their understanding of the legal requirements for storing, keeping, or disposing of confidential information, 19 percent of respondents in the real estate industry said they have “some understanding of the requirements and somewhat adhere to them, but not on a daily basis.”
- 26 percent of respondents in the real estate industry say no policy exists for storing and disposing of confidential information on electronic devices.
Retail:
- Only 12 percent of respondents in the retail space use a locked console and a professional shredding service.
- When asked if they had a strong understanding of legal requirements for storing, keeping, or disposing of confidential information, 65 percent of retail executives said they do.
Finance/Legal/Insurance:
- When asked if they had a strong understanding of legal requirements for storing, keeping, or disposing of confidential information, 88 percent of finance/legal/insurance executives claimed they do.
- Training of staff on company’s information security procedures is highest among the finance/legal/insurance industries (81 percent).
Business Services:
- When asked to rate their understanding of the legal requirements for storing, keeping, or disposing of confidential information, 23 percent of respondents in the business services industries said they have “some understanding of the requirements and somewhat adhere to them, but not on a daily basis.”
- 24 percent of respondents in the business services industries say no policy exists for storing and disposing of confidential paper documents.
Public Services:
- 21 percent of respondents in the public services industries say no policy exists for storing and disposing of confidential paper documents.
- 28 percent of respondents in the public services industries say no policy exists for storing and disposing of confidential information on electronic devices.
Each year Shred-it develops the State of the Industry Report to provide additional information on common information security trends and emerging challenges. Now in its sixth year this report provides comprehensive insights and tips on how businesses can protect and mitigate risks when it comes to information security. Download the current report to learn more about the ways businesses, large and small, can protect their data.
About the 2017 Security Tracker:
Ipsos conducted a quantitative online survey of two distinct sample groups: small business owners in the United States (n=1,000), and C-Suite Executives working for businesses in the United States with a minimum of 500 employees (n=100). The precision of Ipsos online surveys are calculated via a credibility interval. In this case, the U.S. SBO sample is considered accurate to within +/- 3.5 percentage points had all small business owners been surveyed, and the U.S. C-Suite sample is accurate to within +/- 11.2 percentage points had all C-Suites been surveyed. The fieldwork was conducted between February 15, 2017 and February 28, 2017.
[su_box title=”About Shred-it” style=”noise” box_color=”#336588″][short_info id=’102134′ desc=”true” all=”false”][/su_box]
[su_box title=”About Ipsos” style=”noise” box_color=”#336588″][short_info id=’102138′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.