Shred-it Study Exposes Employee Negligence as Top Information Security Risk to U.S. Businesses

News provided by

Shred-it

20 Jun, 2018, 08:00 ET

Report reveals increase in remote and off-site employees, vulnerable paper trails, unmanned computers and lack of information security training are contributing to information security gaps among U.S. businesses.

LAKE FOREST, IL, June 20, 2018 /PRNewswire/ - With one-third of working adults in the U.S. admitting to potentially risky behavior at work, employee negligence poses major security concerns for U.S. businesses. That is according to Shred-it's State of the Industry Report, which exposes information and data security risks currently threatening U.S. enterprises and small businesses and includes survey findings from the Shred-it Security Tracker, conducted by Ipsos.  

When assessing the cause of data breaches, the report found that employee negligence or accidental loss is a main cause. Nearly half of C-Suite Executives (C-Suites) (47 percent) and Small Business Owners (SBOs) (42 percent) reported that human error or accidental loss by an employee was the cause of a data breach. Additionally, one in four C-Suites (28 percent) and one in five SBOs (17 percent) reported human error or accidental loss by an external vendor caused their organization to suffer a data breach. 

"The study's findings clearly show that seemingly small habits can pose great security risk and add up to large financial, reputational and legal risks," said Monu Kalsi, Vice President, Shred-it. "For companies looking to better protect their data, smart information security begins with giving employees access to smart information security practices and training. Through consistent training and education, businesses of all sizes can take back ownership of information security and create a more security-minded work culture among their employees."

The study also found that 78 percent of C-Suites and just over one in four (28 percent) SBOs plan to train their staff on information-security procedures and policies over the next year. Additional findings from the report expose high risk areas and activities businesses should consider examining, including:

Off-site and remote work habits: When employees work remotely or off-site, businesses believe the odds of a data breach occurring are higher.

  • Eighty-six percent of C-Suites and 60 percent of SBOs agree that the risk of a data breach is higher when employees work off-site than when they work at the office.
  • However, despite security risk concerns, just 35 percent of SBOs have a policy in place for storing or disposing of confidential information while working off-site, while 54 percent of SBOs have no policy in place at all.
  • A majority of C-Suites have an information security plan in place. These respondents reported that they train employees on keeping sensitive information out-of-sight when working in a public space (81 percent), sharing company-issued electronic devices with family or friends (60 percent), keeping company-issued devices safe from interference from children or pets at home (56 percent), using public Wi-Fi (54 percent), identifying fraudulent emails (71 percent), and providing guidance on how to report a lost or stolen electronic device (73 percent).

Physical document security: From loosely stored confidential notes on a desk to the theft of paper documents while working off-site, U.S. employees create vulnerable paper trails.

  • Most U.S. workers (65 percent) admit they take notes at work in a paper notebook. Additionally, two in five (39 percent) admit they leave these work documents or notebooks on their desk after they leave the office for the day, leaving documents with confidential information vulnerable to theft.
  • Thirty-six percent of C-Suites admit employees lost or had paper documents with sensitive company information stolen, compared to just six percent of SBOs.
  • As workers continue to turn to pen and paper to take confidential business notes inside and outside the office, the good news is that 96 percent of C-Suites say they have a policy for storing and disposing confidential paper documents. However, just 49 percent of SBOs report that they have a paper policy in place.

Device use: Bad employee habits are bad news for businesses, as U.S. workers are losing computers and mobile devices and/or leaving them vulnerable to theft.

  • One in four U.S. workers (26 percent) leave their computer on and unlocked when they leave work for the day.
  • Around half of C-Suites indicate that they have had employees who lost or had their company laptop/device (49 percent) or company mobile phone (43 percent) stolen. Comparatively, SBOs were much less likely to report employees had lost or had their company laptop/device (7 percent) or company mobile phone (9 percent) stolen.
  • One in five C-Suites (17 percent) and SBOs (18 percent) suffered a data breach due to an employee losing or having sensitive information stolen.

To learn more about the 2018 Security Tracker and to receive additional findings, download the 2018 Shred-it State of the Industry Report.

About Shred-it
Shred-it is a world-leading information security company providing information destruction services that ensure the security and integrity of our clients' private information. Shred-it, a Stericycle solution, operates in 170 markets throughout 19 countries worldwide, servicing more than 400,000 global, national and local businesses. For more information, please visit www.shredit.com.

About Ipsos
Ipsos ranks third in the global research industry. With a strong presence in 87 countries, Ipsos employs more than 16,000 people and has the ability to conduct research programs in more than 100 countries. Founded in France in 1975, Ipsos is controlled and managed by research professionals. They have built a solid Group around a multi-specialist positioning – Media and advertising research; Marketing research; Client and employee relationship management; Opinion & social research; Mobile, Online, Offline data collection and delivery.

Ipsos is listed on Eurolist - NYSE-Euronext.  The company is part of the SBF 120 and the Mid-60 index and is eligible for the Deferred Settlement Service (SRD). www.ipsos.com.

About the 2018 Security Tracker Study
Ipsos conducted a quantitative online survey of Small Business Owners (SBO) in the United States (n=1,003), maximum 100 employees and C-Suite Executives in the United States (n=101). C-Suite executives work for companies with a minimum of 500 employees in the United States. Data for Small Business Owners is weighted by region. Data for C-Suite Executives is unweighted as the population is unknown. The precision of Ipsos online surveys is calculated via a credibility interval. In this case, the U.S. SBO sample is considered accurate to within +/- 3.5 percentage points had all U.S. small business owners been surveyed, and the U.S. C-Suite sample is accurate to within +/- 11.1 percentage points had all U.S. C-Suite executives been surveyed. The fieldwork was conducted between April 3rd and April 21st, 2018.

In addition to the quantitative online survey, Ipsos conducted a short omnibus survey among a gen pop sample of n=1,002 Americans about data protection and security.

SOURCE Shred-it

PRN Top Stories Newsletters

Sign up to get PRN’s top stories and curated news delivered to your inbox weekly!

Thank you for subscribing!

By signing up you agree to receive content from us.
Our newsletters contain tracking pixels to help us deliver unique content based on each subscriber's engagement and interests. For more information on how we will use your data to ensure we send you relevant content please visit our PRN Consumer Newsletter Privacy Notice. You can withdraw your consent at any time in the footer of every email you'll receive. Mit Ihrer Anmeldung erklären Sie sich damit einverstanden, Inhalte von uns zu erhalten.
Unsere Newsletter enthalten Zählpixel, die die Lieferung einzigartiger Inhalte in Bezug auf das Abonnement und die Interessen der einzelnen Abonnenten ermöglichen. Weitere Informationen über die Verwendung Ihrer Daten im Hinblick auf die Zusendung von relevanten Inhalten, finden Sie in unserer PRN Consumer Newsletter Privacy Notice. Ihre Zustimmung können Sie jederzeit in der Fußzeile jeder erhaltenen E-Mail widerrufen. En vous inscrivant à la newsletter, vous consentez à la réception de contenus de notre part.
Notre newsletter contient des pixels espions nous permettant la fourniture à chaque abonné, d’un contenu unique en lien avec ses souscriptions et intérêts. Pour de plus amples informations sur l’utilisation faite de vos données en vue de l’envoi des contenus concernés, nous vous invitons à consulter la politique de confidentialité disponible à partir du lien suivant PRN Consumer Newsletter Privacy Notice. Vous pouvez à tout moment revenir sur votre consentement par le biais des informations situées au bas de chaque e-mail reçu. Регистрирайки се, Вие се съгласявате да получавате информационно съдържание от нас. Нашите бюлетини съдържат проследяващи пиксели, които ни помагат да предоставяме уникално съдържание въз основа на ангажираността и интересите на всеки абонат. За повече информация относно начина, по който ще използваме Вашите данни, за да гарантираме, че Ви изпращаме подходящо съдържание, моля, направете справка с нашето Уведомление за поверителност на потребителския бюлетин на PRN. Можете да оттеглите съгласието си по всяко време в долния колонтитул на всеки от имейлите, които ще получите.