Survey Finds C-Suite Executives Lead In Information Security

Small business owners, however, continue to fall significantly behind, according to Shred-It survey.

By: SDB Magazine.

The fifth annual Security Tracker survey, conducted by opinion research firm Ipsos Reid on behalf of information security and destruction company Shred-it, Toronto, reveals that while c-suite executives have begun to prioritize information security by taking positive steps to invest in security policies and procedures, small business owners continue to fall significantly behind.

According to the study, 63 percent of c-suite executives surveyed in the United States say they have a protocol for storing and disposing of confidential data that is strictly adhered to by all employees, up from 51 percent in 2014. However, small business owners saw little improvement, with 37 percent of those surveyed responding they don’t have any security protocols in place.

Large businesses also take the threat of additional regulatory penalties more seriously than small businesses, the survey finds. According to Security Tracker, 64 percent of c-suite respondents state that they believe stricter penalties for not adhering to document destruction legislation would put pressure on their organizations to improve polices.

The survey says the average data breach costs U.S. organizations nearly $195 per record lost and legislation violation fines can cost as much as $50,000-$100,000. While a larger organization may be better able to absorb a large penalty, for a small business one breach could result in bankruptcy, according to the survey.

“Considering that c-suite executives are placing a greater priority on information security practices, small business owners need to examine their own policies to ensure they match those of their large scale counterparts,” says Sarah Koucky, vice president, security at Shred-it. “Online predators, inside sources and fraudsters will continue to target businesses and if the right policies and practices are not in place, small businesses will be the ones to fall victim.”

The Security Tracker also shows that even when they have protocols in place small businesses are falling behind in auditing themselves. For example, 27 percent of small business owners say they audit on a frequent bases, compared to 69 percent of c-suite executives who say the same. According to the survey, one quarter of small business owners never audit information security procedures and protocols.

Shred-it offers the following tips to help both small and large organizations safeguard their business information:

  • Demonstrate a top-down commitment from management to the total security of your business and customer information.
  • Implement formal information security policies; train your employees to know the policies well and follow them strictly.
  • Eliminate potential risk by introducing a “shred-all” policy; remove the decision-making process regarding what is and isn’t confidential.
  • Conduct a periodic information security audit.
  • Introduce special locked containers instead of traditional recycling bins for disposing of confidential documents.
  • Don’t overlook hard drives on computers or photocopiers. Erasing hard drives does not mean data is destroyed. Physical hard drive destruction is proven to be the only 100 percent secure way to destroy data from hard drives.