U.S. Small Businesses Recognize Risk of Security Breaches Within Organization

Yet most aren't regularly reviewing their security processes, conducting audits or training employees to help safeguard the business

Jun 16, 2011, 09:00 ET from Shred-it

NEW YORK, June 16, 2011 /PRNewswire/ -- Shred-it, a world-leading information security company providing document destruction services, commissioned their "Information Security Tracker" survey with Ipsos Reid across the United States, Canada and the United Kingdom to gain insight on information security policies and procedures among small businesses. The below results are specific to the United States.

Interested in uncovering details about small business' frequency of security audits, protocols for storing and disposing of data, and the availability these companies have to document destruction facilities, the survey revealed both expected and concerning results.

  • In assessing how often small businesses reviewed the processes on secure document destruction, the majority of U.S. respondents (30.2 percent) had done a review in the past six months, however, a quarter (25.1 percent) had never reviewed the processes.
  • Inquiries regarding company security audits revealed that 27.3 percent of U.S. companies had never conducted a security audit, however, closely behind the majority was the 24.3 percent that had conducted a security audit in the past six months.
  • When asking U.S. respondents why they conducted information security audits, 67.3 percent did so to proactively protect their business from potential security gaps, while 30.8 percent conducted audits for compliances purposes – to avoid fines and penalties.
  • Although 78.6 percent of U.S. respondents admitted they were aware of the legal requirements of storing, keeping and disposing confidential data, 31.1 percent of companies never train staff on the company's information-security procedures and protocols and 35.5 percent of companies have no protocol in place for storing and disposing confidential data.  
  • While U.S. respondents said that keeping business information secure was important (96.2 percent) and having secure document destruction policies in place was important (90 percent), more than half (55.6 percent) of organizations said they do not offer secure document security facilities such as secure locked consoles.

"While most small businesses seem to recognize the security risks in their industry, they don't believe they are the actual target for these risks and don't apply the additional layer of security needed to prevent them from a potential breach," said Mike Skidmore, Privacy & Security Officer, Shred-it. "Small business owners need to make the extra effort to regularly review their document destruction policies, conduct annual security audits and implement comprehensive trainings for employees."

Information security is vital to all organizations of any size. Companies need to safeguard their customer and employees' sensitive information and take the actions necessary to minimize the risk of exposure that could lead to a data breach. Shred-it offers the following tips to help small businesses safeguard their business information:

  • Make sure you have formal information security policies in place; train your employees to know the policies well and follow them rigorously.
  • Eliminate any potential risks by introducing a "shred-all" policy, when all unneeded documents are fully destroyed on a regular basis.
  • Conduct a periodic information security audit.
  • Don't overlook hard drives on computers or photocopiers - erasing your hard drive does not mean that the data is gone. Physical hard drive destruction is proven to be the only 100% secure way to destroy data from hard drives
  • Hire a reliable vendor that is well-informed and keeps you compliant with pertinent legislation, training requirements etc.

About Shred-it

Shred-it is a world-leading information security company providing document destruction services that ensure the security and integrity of our clients' private information.  The company operates 140 service locations in 16 countries worldwide, servicing more than 150,000 global, national and local businesses, including the world's top intelligence and security agencies, more than 500 police forces, 1,500 hospitals, 8,500 bank branches and 1,200 universities and colleges. For more information, please visit www.shredit.com.

About the Survey

An independent survey conducted by Ipsos Reid and commissioned by Shred-it was conducted during between April 8th and April 27th, 2011. Small businesses were randomly selected among the Ipsos Online Household Panels in three markets;  Canada (n=1,011), the United States (n=1,000) and the United Kingdom (n=1,000).

SOURCE Shred-it