Canadian businesses are overly confident about the security of their data, a newly released study indicates.
And, that could be affecting businesses’ bottom lines as customers concerned about security will spread the word about untrustworthy companies.
Indeed, said Stericycle Inc.'s Shred-it information security service’s data protection report, external threats and physical property loss are the biggest information security threats to Canadian businesses.
But, the report found, emphasis on employee training and policies has declined in 2020, despite customer expectations that companies with which they did business would rethink their information security training and policies.
“This decline could pose issues for businesses, as 86% of consumers indicated that physical and digital security is a top priority for them when choosing who to do business with.,” Shred-It said.
“If there is one clear message in the 2020 data, it is that complacency around data protection creates significant risk for businesses,” said Cindy Miller, president of the Brampton, Ont.-based Stericycle. “Over the past ten years, threats to data security have outpaced businesses’ efforts and investments. As a result, all businesses should re-evaluate their information security training and policies in earnest and focus on preparedness.”
Among the findings of the survey, conducted pre-pandemic by Imposes:
- 18% of executives and 21% of small businesses indicated that physical loss or theft of sensitive information is the biggest information security threat they face;
- while 93% of executives and 58% of small businesses reported policies for storing and disposing of confidential paper documents, only 62% of executive employees and 40% of small business employees strictly adhere to them;
- 44% of small businesses have no policy in place for disposing of confidential information on end-of-life electronic devices; and
- just two thirds (64%) of executives and 36% of small businesses have remote work policies in place that are strictly adhered to by employees.
The report said lack of training could be a cause of lack of adherence to policies and that infrequent training could make businesses more vulnerable than they might otherwise be.
And that’s where the bottom line kicks in.
The survey found 66% of consumers are concerned that paper documents with their confidential information exist, and 83% of consumers are concerned that such information is somewhere on the internet.
“If a company they did business with suffered a data breach and their personal data was compromised, consumers would tell others about the breach (31%), lose trust and demand to know what is being done to prevent future breaches (23%), seek compensation (23%) or stop doing business with them (24%),” the survey found.