Canadian Security Magazine

Shred-it exposes myths about confidential data

Employee training plays a critical role in combating flawed and inaccurate ideas about information security and the proper handling of confidential information, according to Shred-it International.


July 21, 2016
By Cindy Macdonald



A recent study shows that 25 per cent of data breaches in the past year were caused by human error, yet according to the 2016 Shred-it Security Tracker information security survey conducted by Ipsos earlier this year, only 31 per cent of Canadian C-suite respondents say they train employees more than once a year on how to remain compliant with their industry’s legal requirements for the storage and destruction of confidential information.

Results are similar on the small business front, with 39 per cent of Canadian small business owners reporting that they never train employees on how to remain compliant with legal requirements or company information security procedures and 31 per cent only conduct training on an ad-hoc or as-needed basis.

“Without training and education on how to safely manage, store and destroy confidential information, employees may be unaware of their responsibilities and how their actions can open their business or customers to fraud,” said Andrew Lenardon, global director at Shred-it International.

“Businesses need to help their teams become more aware of the risks associated with mishandling confidential information to avoid penalties, fines or damages to their reputation caused by poor information security practices.”


Shred-it would like to set the facts straight on seven common information security myths:

Myth 1: Erasing data from a hard drive completely removes the information.
Fact: Simply deleting confidential electronic records does not ensure the data stored on the hard drive is completely gone. The only way to ensure confidential information is protected is to remove and destroy the hard drive before the device is resold, recycled or disposed of.

Myth 2: It is safe to dispose of confidential information, as long as the paper is torn into little pieces.
Fact: Torn paper can easily be removed from an unsecure bin and pieced back together. Organizations should have locked disposal consoles and require all documents to be shredded. Implementing a Shred-it All policy eliminates the guesswork of what is and isn’t confidential and ensures employees don’t accidentally leave confidential information in an unsecure bin. In addition, shredding has an environmental benefit because all shredded paper is recycled.

Myth 3: You can confidentially enter personal information on a website if you recognize the source or the sender that sent you the link.
Fact: Scam emails are often designed to look real and may insist that personal or corporate information is needed. Business or personal information should never be entered on a site reached through a link in an email, even if the site appears credible. Experts recommend typing the website address in directly or navigating to it via bookmarks.

Myth 4: You can use your own smart phone or another device at work, as long as it is password protected.
Fact: Though it’s common practice for employees to use their own devices for work, personal devices can create a number of security-related issues. Even if they are password protected, all devices should be encrypted to protect the confidential information stored on them. Bring your own device (BYOD) security programs should also be in place to protect the pathway from the personal device to corporate systems.

Myth 5: Keeping material on my desk at work is safe.
Fact: Untidy work stations pose a threat because loose paperwork on desktops can be vulnerable to snooping and data theft. Organizations should implement a clean desk policy and require all documents to be stored in locked filing cabinets when employees are away from their desks.

Myth 6: Messages on smart phones or laptops are private.
Fact: Visual hacking of information on mobile devices can occur almost anywhere. Organizations should provide employees with privacy screens for laptops, tablets and other mobile devices to keep confidential information safe from prying eyes.

Myth 7: Public Wi-Fi is safe if it is password-protected.
Fact: Even when password-protected, shared or public internet connections can still expose valuable information to data thieves and hackers. Never use public Wi-Fi for sensitive work information. Organizations should establish policies that encourage employees to connect only to trusted networks for work purposes.