Shred-it: Small Businesses Risk Reputation by Ignoring Information Security Threats
October 26, 2015 (Business Wire) Shred-it reminds small business leaders that their operations rely on safe and secure information security protocols and employee training.
Information security policies and procedures play an important part in protecting small businesses from the risk of a data breach, yet the most recent Shred-it Security Tracker shows that US small businesses lag behind in terms of taking action. While 63 per cent of c-suite executives say that they have protocols in place for the storage and disposal of data that are strictly adhered to by all employees, only 46 percent of small businesses say the same. Even more troubling is the fact that 37 percent of small businesses owners admit to having no protocol in place at all, and for those who do, 40 percent never train employees in correct implementation.
“Almost 80 percent of small business owners are at least somewhat aware of their legal obligations for storing and disposing of confidential data,” says Bruce Andrew, SVP, Shred-it. “If they’re not acting on that knowledge it’s most likely due to one of two reasons: they don’t know how to protect data or they think it’s too expensive and time consuming to do so.”
Planning and implementing a comprehensive information security protocol can be a challenge for businesses with limited resources, but the alternative is much worse. According to the Ponemon Institute the average cost of a data breach is almost $6 million1—far more than any small business is equipped to absorb. Even if a breach doesn’t end up being financially ruinous or legally damaging it can erode a business’ public reputation and the confidence of its customers. For small businesses, who are built on relationships and trust, one information security breach can drive consumers away.
“In the last 10 to 20 years we have seen a profound shift toward privacy protection being viewed as core element of trust between customer and businesses” says Chris Sutherland, Cyber and Information Security Consultant. “Small businesses in particular rely on that trust relationship and need to treat data respectfully through the application of appropriate governance.”
Luckily for small businesses, there are some simple and easy-to-implement ways that will educate employees and help protect data in their organization. Shred-it is helping small business owners with convenient and executable reminders to place throughout the office that will help ensure employees know their information security responsibilities.