industry Update
Canadian businesses continue to be complacent about information security
B
place whatsoever. Further, only 12 per cent of those surveyed admit to having both a locked container and a professional shredding service. C-suite respondents share similar views to small business owners as it relates to information security. Only 42 per cent of c-suite executives admit to having a protocol in place for storing and disposing of confidential data that is strictly adhered to by all employees, and only half concede to having a locked container and a professional shredding service. The study also found that 10 per cent of c-suite respondents admit to throwing out sensitive documents without shredding them, a number which has risen significantly since last year. “Organizations need to do more to ensure the safety of their confidential physical documents and digital data. Prioritizing information security by implementing policies and protocols that address all types of confidential information will decrease business risk,” says Bruce Andrew, executive vicepresident at Shred-it. “When you factor in the cost of recouping Register now to reserve your seat at damages from a security breach, www.dmn.ca not to mention the Interactive eStatements: reputational damage Raising Your Customer Experience Game they can cause, it is increasingly necessary that business leaders educate themselves Learn how eStatements can enhance the customer experience, providing information and analytics in an and action on enhanced self-service environment that also drives best practices in adoption and reduces call centre and printing costs. information security.” SPEAKER: A must-attend if you want to increase customer loyalty, The security Peter O’Grady better promote, target and sell your services and help Director, Business Intelligence tracker also revealed Product Marketing, your organization save money. Information Builders that 63 per cent of small business owners Presented by EVENT DETAILS: have no cyber security Sept 10, 2014 • 8-10am policy in place for The National Club, destroying digital 303 Bay St, Toronto M5H 2R1 assets, and almost BRING YOUR TEAM. half of small business SIGN UP AS MANY AS 3 INDIVIDUALS AT NO CHARGE. owners surveyed have never disposed of hardware containing confidential For more information and to register visit our website: www.dmn.ca information. When Seating is limited.
usiness leaders are becoming increasingly complacent, says Shred-it’s ‘4th Annual Security Tracker’. While Canadians are more aware of information security risks than ever before, business leaders have taken little to no action to decrease risk of reputational damage or disruption to their business operations. The study indicates that organizations need to do more to ensure the safety of their confidential physical documents and digital data. Prioritizing information security by implementing policies and protocols that address all types of confidential information will decrease business risk. As well, small business owners are more aware today than they were in 2013 of the legal requirements concerning confidential data in their industry. Yet, for the second year in a row, only 46 per cent acknowledge having a protocol for storing and disposing of confidential data that is strictly adhered to by all employees, and 31 per cent admit to having no protocol in
FREE BREAKFAST BRIEFING
30
Financial Operations | SUMMER 2014 | www.financialoperations.ca
compared to the 33 per cent of c-suite executives who acknowledged having no cyber-security policy in place, it is clear there is plenty of room for improvement. Canadian organizations are not alone in their battle to protect information and safeguard against digital data breaches. The Privacy Commissioner and Industry Canada have implemented legislation to govern how the private sector collects, uses and discloses personal information. That said, when grading the government’s response to information security, only 55 per cent of c-suite executives give the Canadian government a passing mark, suggesting the other half of respondents would like to see improvements. “At Shred-it we assist businesses and federal government agencies in meeting compliance requirements brought forth by the Privacy Commissioner. We believe the government has done an excellent job focusing on the safety and security of individuals as part of its national security agenda,” says Andrew. “The secure destruction of confidential information is our top priority and we will continue to advocate for compliance education in Canada.” Shred-it offers the following suggestions to help business leaders protect confidential information and begin establishing a culture of security: • Demonstrate a top-down commitment from management to the total security of your business and customer information • Implement formal information security policies; train your employees to know the policies well and follow them strictly • Eliminate potential risk by introducing a “shred-all” policy; remove the decisionmaking process regarding what is and isn’t confidential • Conduct a periodic information security audit • Introduce special locked containers instead of traditional recycling bins for disposing of confidential documents • Don’t overlook hard drives on computers or photocopiers. Erasing hard drives does not mean data is destroyed. Physical hard drive destruction is proven to be the only 100 per cent secure way to destroy data from hard drives