A survey on data security practices in large and small Canadian firms indicates that many workers are not aware of their company’s rules around data protection.
More than 57 per cent of C-level executives in large Canadian companies reported that although they have security protocols covering data security, storage and destruction, not all employees are aware of them, according to a survey by public opinion research Ipsos Reid for data security and destruction firm Shred-it.
The survey covered 1,000 small business owners and 100 C-suite executives of large Canadian businesses in different industries.
As many as 40 per cent of small business owners admit they do not have a document security protocol in place and 22 per cent of small business owners that they are either not aware of or “not very aware” of their industry’s legal requirements for storing and disposing of confidential data, the survey found.
RELATED CONTENT
Lost client data not encrypted IROC
Bill calls for mandatory data breach reporting
“The figures show us that people underestimate a data breach’s potential of creating trouble for a company and its clients,” said Bruce Andrew, vice-president of marketing for Shred-it. “Many workers and decision-makers are just complacent and not mindful of the dangers.”
For example, he said, only six per cent of small businesses and 24 per cent of large businesses train their staff on the company’s information security policies and procedures twice a year.
“Many organizations opt to train their employees on an as-needed basis or not at all,” said Andrew.
These findings he said dovetail with results of a recent survey by the office of the Privacy Commissioner of Canada, which revealed that only 13 per cent of Canadian businesses are taking the protection of personal information seriously.
The financial impact for businesses that experience is on the rise, he added.
As many as 15 per cent of large businesses reported losing upwards of $500,000 in 2013, up from just three per cent in 2012, said Andrews.
He also said that it is critical for businesses to ensure that sensitive and personal data is protected down the supply chain.
“Businesses may not realize that, while they may have implemented a strict policy of protecting confidential data, the information they share with partners and vendors may not be secure,” Andrew said. “All it takes is one gap for a breach to occur and a company’s reputation to be damaged.”