Protection of confidential data: companies could do better
According to a recent study conducted by Shred-It, specialist in document destruction, many companies do not consider the security of working documents as essential. Data theft is nonetheless a risk factor for both the company and clients alike.
Large companies are better students than small companies in protection of confidential information, according to the 2012 Information Security Tracker study by Shred-it. 95% of 100 large companies interrogated are at least aware of legal requirements for storage, retention and destruction of confidential data in their sector of activity. The level drops to 76% for the 1,000 smallest companies interviewed. In the same vein, 93% of large companies have an employee responsible for all matters related to data security, compared to 52% of small companies.
The importance of adhering to the protocol
Looking at the details more closely, the study reveals that 92% of large companies have a document destruction protocol compared to 55% of small companies. However, 40% of employees in large companies know and comply with this protocol, compared to 43% of employees in small companies.
The results therefore appear relatively good in terms of large companies except for compliance with the protocol by employees. It’s not the same for small companies, which are paying less and less attention to data security. In 2011, 38% of them did not have any document storage and destruction protocol, compared to 42% today. And while 34% of small companies had no employee dedicated to data security issues in 2011, this rate has increased to 47% in 2012.
Real risks of infringement
Yet, issues of data infringement are real since two thirds of large companies say they have been victims compared to 22% of small companies. Among these, 61% do not believe that they will ever be affected by such an attack.
To conclude its survey, Shred-it has some tips to improve company data protection, beginning with an audit of existing security risks in the organisation. It then recommends adopting a policy to regularly destroy any unnecessary documents, provide employees with a locked cabinet to deposit documents before disposal, recruit someone to help with ensuring compliance with legal document destruction requirements and especially not to forget about protection of electronic files.