According to a recent study, American business leaders are unprepared for the increased threat to information security that comes with flexible office environments.
The 2016 Shred-it Security Tracker information security survey shows that leaders are not providing the protocols and training needed to ensure customer and competitive information remains secure in a mobile work environment.
With the number of mobile workers in the US expected to reach 105 million by 2020, more workers are using the tools of the modern workforce, including laptops, USBs, and cloud storage to connect outside the traditional office environment.
The 2016 Security Tracker shows that the majority of C-Suite Executives (92%) and just over half of small business owners (SBOs) (58%) have at least some employees using a flexible/offsite working model. Yet, only 31% of C-Suite Executives and 32% of SBOs said they have an information security policy for both off-site work environments and flexible working areas in place.
“Without ongoing training and comprehensive policies for remote and flexible workplaces, businesses are at risk,” says Andrew Lenardon, Global Director, Shred-it. “Although employees want increased flexibility and the ability to work remotely, business leaders must ensure that the right information security and training protocols are in-place to protect confidential customer and business data.”
How are you storing and destroying your digital data?
Policies and procedures governing the secure storage and destruction of mobile devices are essential in an organization’s information security policy. While larger U.S. organizations have incorporated this as part of their overall efforts, small businesses have room to improve how they are destroying and storing digital data.
SBOs are more likely to wipe/degauss electronic devices in-house (37%), risking inadvertently exposing the confidential data stored on the hard drive when the device is sent to be recycled or reused. In contrast, their C-Suite counterparts follow the best practices for data destruction and almost half (47%) use a professional destruction service to dispose of their unneeded electronic material.
Regularly destroying hardware is another important part of device management, as legacy hardware stockpiled and stored in the office is a risk for theft. However, 60% of SBOs only dispose of hard drives, USBs, and other electronic devices containing confidential information less than once a year or never. Comparatively, a majority of C-Suite Executives (76%) indicate their businesses destroy hardware every two to three months—or more frequently.
“The only proper way to protect information is to physically destroy the hard drive—simply wiping the device does not ensure sensitive information is completely removed,” says Lenardon. “Implementing security policies that address how digital devices are stored and destroyed is vital for any sized organization to help address the additional risks associated with mobile working.”
While C-Suite Executives are focused on electronic device and data destruction, they must not become complacent with the storage and destruction of paper documents as their employees are no longer tied to the traditional office. Approximately 46% of C-Suite Executives report having a protocol for destroying confidential documents adhered to by all employees— a dramatic drop from 2015 where 63% of C-Suite Executives reported having a protocol in place adhered to by all employees.
7 data protection guidelines
To help businesses of all sizes ensure their corporate policies and training around data protection and security keep pace with the evolving work environment, Shred-it suggests these seven simple workplace guidelines:
- Remind employees not to leave hardware or materials in vehicles, hotels, coffee shops, or elsewhere.
- Limit the type of documents that employees can remove from the office, as there is no way to ensure data is secured when outside of the company’s control
- Encrypt all phones and hard drives, and activate passwords on electronic devices.
- Perform a regular cleaning of storage facilities and avoid stockpiling obsolete electronic devices
- Destroy all unused hard drives using a third-party provider who has a secure chain of custody and confirms destruction.
- Regularly review your organization’s information security policy to incorporate new and emerging forms of electronic media.
- Schedule on-going training so employees understand best practices for protecting confidential information—in and out of the workplace.
Conclusion
As workforces become more mobile, C-Suite Executives and Small Business owners face similar challenges when it comes to protecting sensitive data. To mitigate the increased risk of an increasingly mobile workforce, businesses of all sizes must be proactive in introducing protocols and training to keep employee, customer and company data safe.
