Data storage and security continue to be a stumbling block among small and midsize businesses, according to an independent survey with Ipsos Reid and commissioned by document and data destruction services specialist Shred-it. The survey found 35 percent of small-business owners do not have a known or understood protocol in place for storing and disposing of confidential data, although that was a 1 percent improvement from the 2011 survey.
The report also underscored the disconnect between top-level corporate executives, commonly referred to as the C-suite: 95 percent of C-suite respondents are aware of the legal requirements of storing, keeping and disposing of confidential data, 18 percent higher than the percentage of small-business owners (77 percent). Moreover, 28 percent of small-business owners never train their staffs on the company’s information procedures and protocols, while 27 percent of C-suite respondents said they trained their staffs twice a year.
Half of small-business respondents do not have secure, locked consoles to house sensitive materials and, instead, use in-office shredding versus a professional shredding service, compared with C-suite respondents, 47 percent of which have both locked consoles and use a professional shredding service to shred sensitive documents.
Surprisingly, a majority of small businesses (51 percent) appear unaware of the risks data loss poses to their companies, saying lost or stolen data would not seriously impact their businesses. On the C-suite level, 33 percent of survey respondents said lost or stolen data would greatly damage the credibility of their company and have a severe financial impact. Forty-six percent of small-business respondents said they do not have anyone directly responsible for mitigating risks, while 61 percent of C-suite respondents said they have a management-level employee handling security concerns.
“Security breaches within small businesses are on the rise as more small-business owners continue to become technologically savvy and use computerized systems and digital records to track their customer and financial information,” Mike Skidmore, privacy and security officer at Shred-it, said in prepared remarks. “One year after [the release of] Shred-it’s 2011 Information Security Tracker, it is unsettling to see that despite being aware of the legal requirements and protocols for securely destroying confidential materials, unlike C-suite executives at larger companies, small-business owners are still not using that knowledge to proactively prevent and mitigate risk. As small companies evolve as a business, so must their information security measures.”
According to identity-theft specialist John Sileo, small businesses’ data breaches cause nearly 80 percent of them to go bankrupt or suffer severe financial losses within two years of the breach. Additional research from the Ponemon Institute and CyberFactors projected that losses for larger businesses could reach into the hundreds of millions, depending on the type of business and information lost.