Declining emphasis on security training puts businesses at risk
While companies are getting better at protecting their customers’ personal and sensitive information, their focus on security training has declined in the last year according to a new report.
The study from information security service Shred-it shows that 83 percent of consumers say they prefer to do business with companies who prioritize protecting their physical and digital data, so the decline in training risks losing custom as well as security breaches.
Nearly half (43 percent, up 21 percent from 2017) of C-suite executives and 12 percent (up seven percent from 2017) of small business owners have experienced a data breach. External threats from vendors or contractors (25 percent C-suites, 18 percent SBOs) and physical loss or theft of sensitive information (22 percent C-suites, 19 percent SBOs) are the top information security threats facing business.
But 24 percent of C-suites and 54 percent of SBOs report having no regular employee training on information security procedures or policies. Additionally, the number of organizations that regularly train employees on how to identify common cyber-attack tactics, such as phishing, ransomware or other malicious software, declined too -- for C-suites from 88 percent in 2019 to 82 percent in 2020 and for SBOs from 52 percent in 2019 to 45 percent in 2020.
Also the number of organizations with a known and understood policy for storing and disposing of confidential paper documents adhered to by all employees has declined 13 percent for C-suites (73 percent in 2019 to 60 percent in 2020) and 11 percent for SBOs (57 percent in 2019 to 46 percent in 2020). In addition, 49 percent of SBOs have no policy in place for disposing of confidential information on their end-of-life electronic devices.
The COVID-19 pandemic has pushed many more employees into work-from-home status, often without supporting policies. The majority of C-suites (77 percent) and SBOs (53 percent) have employees who regularly or periodically work off-site. However, just 53 percent of C-suites and 41 percent of SBOs have remote work policies in place that are strictly adhered to.
"As we adjust to our new normal in the workplace, or at home, it’s crucial that policies are adapted to align with these changes and protect sensitive information," says Cindy Miller, president and chief executive officer for Stericycle, the provider of Shred-it information security services. "As information security threats grow, it's more important than ever that we help businesses and communities protect valuable documents and data from the risks of an information breach."
There's more information in the full report, available from the Shred-it site.