What makes Canadian businesses vulnerable to data breaches?
An unattended or unsecured workstation or mobile device showing a customer’s personal information could be the gateway that creates potentially significant data breach problems at your dealership or finance company.
Shred-it recently released its annual State of the Industry Report that exposes information and data security risks currently threatening Canadian enterprises and small businesses and includes survey findings from the Shred-it Security Tracker.
The study found that Canadian businesses, while embracing the concept of workplace mobility, are failing to implement proper data protection policies and staff training, putting them at a heightened risk of a data breach.
The survey findings, conducted by Ipsos, revealed the following:
— Almost 90 percent of C-suite executives and half of small business owners reported that their organizations offer flexible or off-site work environments to employees and more than two-thirds believe that the trend towards working remotely will increase over the next five years.
— However, the majority (82 percent) of C-suite executives and almost two-thirds (63 percent) of small business owners feel that the risk of a data breach is higher when employees work off-site.
“In an era of increasing workplace mobility and one in which a single data breach can destroy a business’ bottom line and reputation, companies have no choice but to make information security a priority,” Shred-it Vice president Paul Saabas said. “One of the smartest things a company can do to differentiate itself today is to make data security a core part of its business practices and communicate this to consumers.”
The study also revealed that businesses are not addressing information security risks with the required training, policies and enforcement mechanisms:
— 38 percent of small business owners reported not having any protocols in place when employees use electronic devices containing confidential information.
— 46 percent of small business owners stated they have no policy for storing and disposing of confidential information when employees work off-site.
— Just 27 percent of small business owners offer employee training on using public Wi-Fi, compared to 48 percent of C-suite execs.
Furthermore, only half of C-suite execs reported that they train their employees on the following practices: keeping sensitive information out-of-sight when working in a public space (58 percent), sharing company-issued electronic devices with family and friends (53 percent), and keeping company-issued devices safe from interference at home (53 percent).
“This oversight in employee training for both large enterprises and small businesses can have a huge impact on a company’s bottom line and reputation if a data breach does occur,” Shred-it said.
Millennials and data security: Not as savvy as we thought
The study also examined millennials (ages 18 to 34) and the topic of data security. The results were surprising — and concerning.
Shred-it reported that millennials, despite having grown up in the digital and mobile era, are lagging behind their Generation X (35 to 55) and baby boomer (55-plus) colleagues when it comes to safe data protection practices.
The study showed:
— 48 percent of millennials leave their notebooks on their desk after they leave work for the day, compared to 37 percent of Generation X, and 21 percent of baby boomers.
— 37 percent of millennials report regularly leaving their computer on and unlocked after work, compared to 22 percent of those between the ages of 35-54, and 12 percent of those 55 and older.
— Only half of millennials regularly shred confidential documents, compared to 65 percent of Generation X, and 52 percent of baby boomers.
“It really is quite surprising that millennials are not taking the issue of data security as seriously as they should,” Saabas said. “What the results show us is just because a younger person is comfortable using technology doesn’t necessarily mean they are knowledgeable about privacy and data risk issues. Without the right training and behavior, they could be putting their employer at risk, not to mention their own personal brand.”
Ipsos conducted a quantitative online survey of two distinct sample groups: small business owners in Canada and C-suite executives working for businesses in Canada with a minimum of 100 employees. The fieldwork was conducted between April 3 and April 21.
To learn more about the 2018 Security Tracker and to receive additional findings, download the 2018 Shred-it State of the Industry Report.