Small businesses do not fully grasp what it means to have a data breach and the effects it could have and, as a result, are not safeguarding sensitive information as thoroughly as they should, a new report said.
That means small businesses in the U.S. are taking a passive approach when it comes to protecting their data, leaving themselves vulnerable to data loss and possible financial and reputational damage, according to a report by security firm Shred-it.
A number of small businesses (69 percent) are not aware or don’t believe that data being lost or stolen would result in financial impact and harm to their businesses’ credibility, according to the 2013 Shred-it Information Security Tracker.
The study found:
• 40 percent of small business owners have no protocols in place for securing data, a five percent increase from last year.
• More than 1/3 of small businesses report they never train staff on information security procedures.
• 48 percent have no one directly responsible for management of data security.
• 18 percent would encourage new data privacy legislation requiring stricter compliance and penalties to information security threats.
“We’re urging companies to be vigilant when it comes to information security,” said Mike Skidmore, Privacy & Security Officer, Shred-it. “We have seen a consistent increase in small businesses without security protocols in place and a crucial first step for practicing effective information security is improving awareness of policies and procedures. Organizations face a lot of risks, but enforcing sensitive data safeguarding as a company-wide practice will potentially avert both significant financial and reputational damage.”
It is crucial that businesses of all sizes take proactive steps to protect against data breaches. The 2013 Security Tracker found that more C-suite executives (12 percent) reported financial losses of more than $500,000 due to data breaches this year than in previous years; yet, 23 percent of the C-suite executives surveyed do not believe a data breach will impact their business.
At the same time, while awareness of legal requirements among C-suite executives was up four percent from 2012, only 16 percent report training employees on protocol twice a year, down 11 percent from 2012.
In today’s global business climate, businesses small and large are operating in increasingly expansive supply chains, outsourcing services to various vendors and sharing sensitive information to facilitate business transactions. As touch points in the supply chain increase, so does risk, and businesses need to hold each other to a higher security standard. All it takes is one breach for many reputations to suffer damage.
With that in mind, U.S. companies should consider re-evaluating the risks associated with sharing data with members of their supply chain. Do these partners also demonstrate a commitment to information security? By creating a far-reaching information security policy that encompasses business partners and suppliers, companies can do a more effective job of protecting the confidential data of all Americans.