Businesses of all sizes, and in all industries, are at reputational and financial risk from information security incidents. The frequency and sophistication of these attacks are growing daily and it is no longer an option to simply think “it won’t happen to us”.
As businesses enter the second half of the year, it is the perfect time to re-evaluate their information security protocols. Small Business Owners (SBOs) especially should take note of any vulnerabilities that could leave a trail of irrevocable damage and potentially sink their business.
The average total cost of a data breach in the U.S. has increased from $7.01 million to $7.35 million, according to the Ponemon Institute. The severe financial loss and potential reputational harm caused by a breach are overwhelming for any sized organization, but especially for small businesses that may not have the resources to recover. In fact, one-third of small businesses in the U.S. need up to three years to recover from a data breach, according to the 2017 Shred-it Security Tracker survey conducted by Ipsos. For small businesses that often rely on word-of-mouth and reputation, this means multiple years of reduced business.
“Small business information security is at a pivotal point in time. Between evolving outsider and insider threats, as well as changes to state and federal regulations, when it comes to disclosing breaches, small business leaders must take the time to remain vigilant about their information security needs,” says Kevin Pollack, Shred-it Senior Vice President. “As work ramps up in the fall, it is a prime opportunity for small businesses to engage with employees about security and review their physical and digital risk. Business leaders should also take the time to implement cost-effective preventative measures to protect confidential data.”
To help SBOs strengthen their information security protocols and mitigate the risk of fraud, Shred-it has identified five strategies for avoiding data breaches and reputational damage:
- Hard Drive Destruction – With so much data being shared in every transaction, it’s no surprise that 80% of office computers contain sensitive corporate information. When it comes to disposing of devices, companies need a reliable process to secure the massive amount of data they contain. Before old devices change hands, the best practice is to remove and safely destroy the hard drive to ensure the information is unrecoverable.
- Employee Training – According to the 2017 Shred-it Security Tracker, 38% of SBOs never train employees on information security protocols. But training is one of the easiest ways to protect confidential data. When employees are armed with the knowledge of what can and cannot be done when it comes to handling information, confidential paper documents and electronics are more secure. Regular employee training should be at the very core of every information security program so that all employees are aware of information destruction procedures within the company.
- Legal Proficiency – It’s not just companies in highly regulated industries that need to know the ‘ins and outs’ of legal requirements around data protection. Organizations of all sizes must understand their responsibilities for data protection and ensure their practices remain compliant with new laws to protect personal information. Yet, 33% of SBOs never audit their organization’s information security policies or procedures. Small business leaders should consider holding meetings with new employees, as well as refreshers with all employees, multiple times a year. They should also frequently audit information security protocols to ensure they are keeping up with any changes in legislation.
- Physical Paper Shredding – Despite movements towards a paperless office, the reality is that many companies still use paper on a daily basis. In order to avoid the risk of a data breach it is important that small organizations implement information security protocols that include a Shred-it All policy. According to the 2017 Shred-it Security Tracker, less than half (49%) of SBOs shred all documents including non-confidential ones. Requiring all paper documents to be shredded removes any uncertainty around what is required to be destroyed and maintains environmental benefits because all shredded paper is recycled.
- Storage Accountability – Document management is key to fighting fraud. One of the easiest – yet most overlooked – methods for managing documents is to use locked storage consoles to protect sensitive information that is yet to be shredded or destroyed. SBOs need to have a greater awareness of how to securely store employee and customer data, whether it’s on paper or on a hard drive. Only 13% of SBOs use a locked console and a professional shredding service. This is a shocking statistic considering SBOs are more likely to suffer long-term consequences after a data breach. To thwart insider and outside threats, SBOs should store all sensitive materials in a locked console or cabinet and limit access to the area.
For small businesses, the financial and reputational damage of a data breach can be insurmountable. Small businesses must understand their information security vulnerabilities and take a proactive approach to data management in order to protect their customers, their reputation and their people.