Data protection tips for SMEs

Three steps for SMEs to help protect them for tomorrow

October 13, 2016
Purchasing B2B

document security

OAKVILLE—As National Small Business Week kicks off October 16, 2016, Shred-it is reminding leaders of small-to-medium sized businesses (SMBs) to protect themselves against one of the most costly business risks: an information security breach.

A data breach among SMBs may not make headlines, but the results can be devastating nonetheless, the company said. According to the 2016 Shred-it Security Tracker Survey conducted by Ipsos, 45 percent of SMEs believe their business wouldn’t be affected by a data breach. On the contrary, the Ponemon 2016 Cost of a Data Breach study revealed that the average cost per lost or stolen record is about $278. This can be especially damaging to SMEs.

In order to instill a strong information security culture there should be a mindset of shared responsibility among everyone in the organization regardless of job function and level of seniority, said Shred-it. For SMEs, fostering a strong information security culture will limit uncertainty when it comes to decision-making and overall reduce data breach risk.

There are also many cost-effective measures that SMEs can easily implement today, in order to help reduce data breaches for tomorrow. Shred-it has identified three data protection strategies that will help embed security best practices.

Two-method approach
SMBs can institute double-edged strategies like a clean desk policy and a shred it All policy. A clean desk policy encourages employees to clear their desks and lock-up documents before they leave at the end of the day or when away for an extended period of time. This helps safeguard all confidential data. A shred it all policy removes the choice and uncertainty around what is required to be destroyed or recycled by requiring all paper documents to be shredded. All shredded paper is recycled giving SMEs an added environmental benefit to their procedures. These two strategies are easy to embed within an organization and serve to create a clear expectation among employees.

Secure your info on the go
According to the 2016 Security Tracker survey over half of Canadian SMEs (53 per cent) have at least a portion of employees who work offsite, many of which may use their own devices. While these measures allow flexibility among employees, it’s important to put forward security measures to protect confidential company information. SMEs should ensure the right information security and training protocols are in-place to protect data. Putting in place an offsite work policy that requests all mobile devices and laptops be encrypted and reminds employees of the risk of leaving hardware or materials in public places, helps ensure data is secured when outside of the company’s control. It can help to schedule ongoing training so employees understand best practices for protecting confidential information—in and out of the workplace.

Don’t delete, destroy
Thirty-eight per cent of Canadian SMBs report wiping or degaussing hardware in-house. If your media disposal process includes erasing, reformatting, wiping or degaussing your hard drives, your customer and company information may be at risk. A best practice in proper disposal is to remove and safely destroy the hard drive that lives on the device. Erasing, reformatting and wiping hard drives is not enough to dispose confidential information. Destroying, not deleting, ensures information is unrecoverable.

Businesses can help employees keep information security procedures top-of-mind with reminders throughout the office. Shred-it is helping small businesses owners with an Information Security Reminders postcard that can be printed to help ensure employees know their data protection responsibilities, whether they are in the office or working remotely.