We focus so much on digital security, but do we focus enough on the confidential and personally identifiable information on our PAPER documents?
The seventh annual Shred-it Information Security Tracker Survey, conducted by Ipsos, reveals that with the move towards a “paperless” office, U.S. businesses are not prioritizing the management of confidential information in all forms.
Their press release reads…
Even with the evolution of a mobile and increasingly digital workforce, paper documents continue to be a core component of office life. According to the 2017 Security Tracker survey, 39 percent of C-Suite Executives (C-Suites) anticipate an increase in the volume of paper their organization will use over the next year and 52 percent of Small Business Owners (SBOs) anticipate the volume of paper to stay relatively the same. Despite this, SBOs demonstrate a lack of understanding of the vulnerabilities a lingering paper trail can create within their organization.
“Whether it be on lingering paper documents or electronic devices, properly disposing of or securing sensitive information is the best way for a business to protect their customers, their reputation and their people,” says Kevin Pollack, Senior Vice President, Shred-it. “Companies of all sizes need to start taking proactive measures to ensure their employees are trained on destruction procedures, that sensitive information is stored securely, and that they’re mitigating information security threats by disposing of paper and electronic devices in a timely fashion.”
The Security Tracker survey reveals that 32 percent of SBOs believe that the loss or theft of documents would cause no damage to their organization and 31 percent think a data breach wouldn’t significantly impact their business. Their actions reflect a lack of concern – 39 percent of SBOs have no policy in place for storing and disposing of confidential paper documents and just under half (49 percent) shred all documents, regardless of whether considered confidential or not. Additionally, only a small percentage (13 percent) have a locked console in the office and use a professional shredding service to destroy confidential documents.
Unlike their smaller counterparts, most larger U.S. organizations have implemented policies that address confidential data in all forms. However, their practices continue to leave the door open for fraud, especially when it comes to the secure storage and destruction of electronic devices and hard drives. Although 96 percent of large businesses have a policy in place to store and destroy electronic devices, fewer C-Suites than ever before are disposing of electronic devices on a regular basis. The percentage of C-Suite respondents who dispose of electronic devices, including hard drives, on a quarterly basis or more frequently has gone down from 76 percent in 2016 to 57 percent in 2017.
Ultimately, these security shortfalls have led to a lack of confidence in both small and large businesses. Confidence in current secure destruction systems for both paper and electronic media is low, with 43 percent of C-Suites and 46 percent of SBOs reporting that they feel less than very confident. Additional factors contributing to low confidence may include a lack of employee knowledge of the legal requirements in their industry, or a lack of training on company policies for the disposal, destruction, and storage of confidential and non-confidential information. In fact, only about half of all C-Suites (51 percent) train their employees on legal requirements at least twice a year and 36 percent of SBOs never train their employees at all – highlighting the need for more robust training within businesses both large and small.