Study: Small businesses often lax about data security
By Canadian SecurityNews Data Security
According to results from the second annual 2012 Shred-it Information Security Tracker survey, 76 per cent of small businesses are at least somewhat aware of their legal requirements surrounding storing, keeping and disposing of confidential data, however, 42 per cent do not have an established protocol on how to adhere to these regulations and nearly one-third (31 per cent) have never trained their staff on information security procedures.
When it comes to personnel, nearly half (47 per cent) do not have an employee directly responsible for managing data security issues — up from 34 per cent last year.
“Companies of all sizes are tightening their belts, and small businesses in particular may be having difficulty allocating staff and other resources to information security,” says Bruce Andrew, VP Marketing, Shred-it. “However, making information security part of day-to-day operations is a valuable investment that, at the end of the day, protects both the business’ reputation and its bottom line.”
Only 12 per cent of respondents said that they believed that lost or stolen data would result in severe financial and reputational damage, and six-in-ten (61 per cent) felt that such a breach would not significantly impact the business at all.
“While the risk of a data breach may seem small, the ramifications can be devastating even if they aren’t apparent right away,” says Andrew. “At Shred-it we recommend conducting a risk assessment to determine what security policies and protocols already exist, where improvement is required and where the company may be most vulnerable.”
Print this page