Financial businesses unprepared for potential security breach
TORONTO -- An independent survey conducted by Ipsos Reid across Canada, the U.S. and the UK on behalf of Shred-it, a world-leading information security company providing document destruction services, reveals that 30 percent of business operators in the financial sector are not worried about the potential implications of a security breach. This statistic stands in contrast to the 96 percent of financial service respondents who reported that they know of their legal obligation to protect client information, the highest percentage of all of the sectors surveyed.
The Shred-it Information Security Tracker indicates that not only are Canadian businesses in the financial sector the most aware of their legal requirements, they are also the most likely to have a known and understood protocol for storing and disposing of confidential data.
In the financial industry, where document security is of such high importance, it is positive to see that over three quarters (76 percent) of businesses are implementing the proper protocols to protect their clients’ private records. However, despite this statistic, almost a quarter (24 percent) of those businesses say that not all employees are aware of these protocols. This means that even though business operators in the financial sector are aware of their legal requirements, not all employees are as well informed. In order to minimize exposure to a potential data security breach, financial business operators should work to ensure that all employees are educated on protocols and follow them strictly.
“Whether it is a large or small business, those that work in the financial sector handle documents containing very sensitive client information each day,” says Michael Collins, Vice President, Sales, Shred-it Canada. “While aware of their legal obligations to protect their clients’ confidential and sensitive financial records, a lack of staff training, inadequate storage management and no method for secure document destruction all increase the risk of a security breach. At Shred-it, we act as a partner in helping organizations protect the integrity of their information by offering solutions and recommendations for businesses on how to minimize the risk of fraud.”
Despite the high percentage of financial businesses that do have a protocol, 30 percent say they have no employee directly responsible for managing data security issues.
Additionally, 43 percent of the Canadian financial businesses surveyed do not offer secure document disposal facilities within their organizations, such as a locked console where staff can deposit documents that cannot be accessed once deposited.
“Ensuring that data security is taken seriously at every level and by all employees within a business is vital to minimizing the risk of exposure that could lead to a data breach,” adds Collins. “It is essential that appropriate measures are taken to protect all files and ensure greater security to reduce the risk of fraud or identity theft. Obtaining sufficient funding for security management systems, training employees on all policies for maintaining information security and getting a commitment from top management levels to support and enforce these systems is necessary. By taking such steps and regularly reviewing security policies, organizations can protect themselves from the significant long term impact of a data breach.”
Shred-it’s tips for safeguarding business information
Make sure you have formal information security policies in place; train your employees to know the policies well and follow them rigorously.
Eliminate any potential risks by introducing a “shred-all” policy, under which all unneeded documents are fully destroyed on a regular basis.
Conduct a periodic information security audit.
Don’t overlook hard drives on computers or photocopiers. Erasing your hard drive does not mean that the data is gone. Physical hard drive destruction is proven to be the only 100% secure way to destroy data from hard drives.
Hire a reliable vendor that is well-informed and keeps you compliant with pertinent legislation, training requirements, etc.