Shred-it Study Finds Seemingly Innocent Workplace Mistakes Put North American Businesses at Risk for Data Breaches

New report finds 71 percent of managers have seen confidential documents left on the printer, 77 percent have accidentally sent an email containing sensitive information to the wrong person

BANNOCKBURN, IL, Sept. 30, 2019 /PRNewswire/ - Two thirds (68%) of businesses reported their organization has experienced at least one data breach in the past 12 months, and nearly three in four (69%) of those data breaches involved the loss or theft of paper documents or electronic devices containing sensitive information. That is according to a new report from Shred-it "The Security of Confidential Documents in the Workplace," conducted by the Ponemon Institute, which reveals the discrepancy in priority between cybersecurity and physical security, and the mistakes employees and managers make that may be contributing to a rise in data breaches.

According to the report, typical workplace occurrences may be at the root of the problem as 65% of managers are concerned their employees or contractors have printed and left behind a document that could lead to a data breach. Those fears have been confirmed as seven in 10 (71%) managers have seen or picked up confidential documents left in the printer. This seemingly innocent workplace mistake isn't the only thing threatening information security, over three in four (77%) managers admit they have accidentally sent an email containing sensitive information to the wrong person. What's more, nearly nine in 10 (88%) have received an email containing sensitive information from someone within or outside of their organization they were not intended to receive.

"The report reveals two key factors about information security in North American businesses– employee negligence, intentional or not, can be a leading contributor to data breaches and that businesses should equally consider the needs for cybersecurity and physical information security within their organization," said Ann Nickolas, Senior Vice President, Stericycle, the provider of Shred-it information security solutions. "Although cybersecurity is no doubt an important element of protection, businesses should look to strike a balance between investing in physical security and cybersecurity, as well as integrating better communication with employees on risk factors, to best arm themselves against potential breaches"

When exploring physical security versus cybersecurity, the report found that less than two in five (39%) managers believe the protection of paper documents is just as important as the protection of electronic records. This may be why more than half (51%) of managers say their organization does not have a process for disposing of paper documents containing sensitive information.

Additional findings from the report include:
Tech and Business Managers Are Not Aligned on Security Responsibilities and Protocols

• A quarter (25%) of technology managers believe that CISOs are most responsible for granting access to paper documents or electronic devices containing sensitive or confidential information, compared to 1% of business managers
• 22% of business managers believe no one function is most responsible, compared to 16% of technology managers.
• Sixteen percent of business managers believe the business owner is most responsible, compared to 6% of technology managers
• Fewer (32%) tech managers than business managers (42%) believe the protection of paper documents is just as important as the protection of electronic records
• Less than half (45%) of tech managers and more than half (53%) of business managers say their organization does not have a process for disposing of paper documents containing sensitive or confidential information after they're no longer needed
• After reviewing paper documents, more tech managers (41%) than business managers (30%) shred the documents, and more business managers (22%) than tech managers (19%) throw the documents in the garbage

Employees May Be Gaining Access to Sensitive or Confidential Information

• Organizations may not be taking all precautions to restrict employees from accessing physical paper documents they should not have access to:
• Only a third (33%) use physical security to prevent unauthorized access to document storage facilities
• Nearly two in five (38%) use filing cabinets or locked desks to store these document
• Less than a third (31%) enforce a clean desk policy
• Half (50%) of managers say their organization does not take any of these steps
• Nearly two thirds (60%) of managers agree employees, temporary employees and contractors have access to paper documents that are not pertinent to their role or responsibility

Managers Are Also Guilty of Neglecting Sensitive and Confidential Information

• More than half (51%) of managers have no process for disposing of paper documents containing sensitive or confidential information after they are no longer needed
• After reviewing a paper document, more than a fifth (21%) throw the document in the garbage
• The majority (54%) of managers have been targeted by a phishing email or social engineering scam at work, but only 39% of managers contacted their supervisor

About The Security of Confidential Documents in the Workplace Report:
Shred-it commissioned the Ponemon Institute to conduct a study of managers in a variety of business sectors. The study was conducted online in August and collected responses from 650 managers in IT security and non-IT positions in North America who are knowledgeable about their organization's strategy for the protection of confidential and sensitive information. Within the survey, "tech managers" refer to people in the following positions: CIO, CTO, CSO, CISCO and IT security technician/analyst. "Business managers" refer to people in the following positions: CFO, Controller, HR executive, Compliance Administration, Officer Manager, Senior Management and  Business Owner.

About Shred-it
Shred-it is a world-leading information security service provided by Stericycle, Inc. Shred-it solutions ensure the security and integrity of private and confidential information, protecting more than 500,000 global, national and local businesses across 17 countries worldwide. For more information, please visit www.shredit.com.

SOURCE Shred-it