2014 Study Shows Canadian Businesses Continue to Be Complacent about Information Security

Results from Shred-it’s 4th Annual Security Tracker suggests Canadian businesses lack motivation to
implement information security policies

2014 Security Tracker Canadian Results (Graphic: Business Wire)

TORONTO--()--A new study looking at the information security habits of Canadian c-suite executives and small business owners reveals that business leaders are becoming increasingly complacent. While Canadians are more aware of information security risks than ever before, Shred-it’s 4th Annual Security Tracker shows business leaders have taken little to no action to decrease risk of reputational damage or disruption to their business operations.

According to the study conducted by Ipsos Reid, small business owners are more aware today than they were in 2013 of the legal requirements concerning confidential data in their industry. Yet, for the second year in a row, only 46 per cent acknowledge having a protocol for storing and disposing of confidential data that is strictly adhered to by all employees, and 31 per cent admit to having no protocol in place whatsoever. Further, only 12 per cent of those surveyed admit to having both a locked container and a professional shredding service.

C-suite respondents share similar views to small business owners as it relates to information security. Only 42 per cent of c-suite executives admit to having a protocol in place for storing and disposing of confidential data that is strictly adhered to by all employees, and only half concede to having a locked container and a professional shredding service. The study also found that 10 per cent of c-suite respondents admit to throwing out sensitive documents without shredding them, a number which has risen significantly since last year.

“Organizations need to do more to ensure the safety of their confidential physical documents and digital data. Prioritizing information security by implementing policies and protocols that address all types of confidential information will decrease business risk,” said Bruce Andrew, Executive Vice President at Shred-it. “When you factor in the cost of recouping damages from a security breach, not to mention the reputational damage they can cause, it is increasingly necessary that business leaders educate themselves and action on best practices in information security.”

The security tracker also revealed that 63 per cent of small business owners have no cyber security policy in place for destroying digital assets, and almost half of small business owners surveyed have never disposed of hardware containing confidential information. When compared to the 33 per cent of c-suite executives who acknowledged having no cyber-security policy in place, it is clear there is plenty of room for improvement.

Canadian organizations are not alone in their battle to protect information and safeguard against digital data breaches. The Privacy Commissioner and Industry Canada have implemented legislation to govern how the private sector collects, uses and discloses personal information. That said, when grading the government’s response to information security, only 55 per cent of c-suite executives give the Canadian government a passing mark, suggesting the other half of respondents would like to see improvements.

“At Shred-it we assist businesses and federal government agencies in meeting compliance requirements brought forth by the Privacy Commissioner. We believe the government has done an excellent job focusing on the safety and security of individuals as part of its national security agenda,” says Andrew. “The secure destruction of confidential information is our top priority and we will continue to advocate for compliance education in Canada.”

Shred-it offers the following suggestions to help business leaders protect confidential information and begin establishing a culture of security:

  • Demonstrate a top-down commitment from management to the total security of your business and customer information
  • Implement formal information security policies; train your employees to know the policies well and follow them strictly
  • Eliminate potential risk by introducing a “shred-all” policy; remove the decision-making process regarding what is and isn’t confidential
  • Conduct a periodic information security audit
  • Introduce special locked containers instead of traditional recycling bins for disposing of confidential documents
  • Don’t overlook hard drives on computers or photocopiers. Erasing hard drives does not mean data is destroyed. Physical hard drive destruction is proven to be the only 100% secure way to destroy data from hard drives

About Shred-it:
Shred-it is a world-leading information security company providing information destruction services that ensure the security and integrity of our clients' private information. The company operates in 140 markets throughout 18 countries worldwide, servicing more than 300,000 global, national and local businesses. For more information, please visit www.shredit.com.

About Ipsos Reid:
Ipsos Reid is Canada's market intelligence leader, the country's leading provider of public opinion research, and research partner for loyalty and forecasting and modeling insights. With operations in eight cities, Ipsos Reid employs more than 600 research professionals and support staff in Canada. The company has the biggest network of telephone call centres in the country, as well as the largest pre-recruited household and online panels. Ipsos Reid's marketing research and public affairs practices offer the premier suite of research vehicles in Canada, all of which provide clients with actionable and relevant information. Staffed with seasoned research consultants with extensive industry-specific backgrounds, Ipsos Reid offers syndicated information or custom solutions across key sectors of the Canadian economy, including consumer packaged goods, financial services, automotive, retail, and technology & telecommunications. Ipsos Reid is an Ipsos company, a leading global survey-based market research group. To learn more, visit www.ipsos.ca.

About the 2014 Security Tracker:

Ipsos Reid conducted a quantitative online survey of two distinct sample groups: small business owners in Canada (n=1,006), and C-suite executives working for businesses in Canada with a minimum of 100 employees (n=100). This survey is considered accurate to within 3.5 percentage points had all small business owners been surveyed and to within 11.2 percentage points had all C-suites been surveyed. The fieldwork was conducted between April 28 and May 5, 2014.

Contacts

NATIONAL Public Relations (for Shred-it)
Lauren Poplak, 416-848-1378
lpoplak@national.ca
or
Shred-it
Katarina Kristanic, 905-491-2250
Sr. Manager, PR & Communications
katarina.kristanic@shredit.com

Contacts

NATIONAL Public Relations (for Shred-it)
Lauren Poplak, 416-848-1378
lpoplak@national.ca
or
Shred-it
Katarina Kristanic, 905-491-2250
Sr. Manager, PR & Communications
katarina.kristanic@shredit.com