Sep 30, 2019 SOURCE: PR NewsWire

Shred-it Study Finds Seemingly Innocent Workplace Mistakes Put North American Businesses at Risk for Data Breaches

New report finds 71 percent of managers have seen confidential documents left on the printer, 77 percent have accidentally sent an email containing sensitive information to the wrong person

BANNOCKBURN, IL, Sept. 30, 2019 /PRNewswire/ - Two thirds (68%) of businesses reported their organization has experienced at least one data breach in the past 12 months, and nearly three in four (69%) of those data breaches involved the loss or theft of paper documents or electronic devices containing sensitive information. That is according to a new report from Shred-it "The Security of Confidential Documents in the Workplace," conducted by the Ponemon Institute, which reveals the discrepancy in priority between cybersecurity and physical security, and the mistakes employees and managers make that may be contributing to a rise in data breaches.

According to the report, typical workplace occurrences may be at the root of the problem as 65% of managers are concerned their employees or contractors have printed and left behind a document that could lead to a data breach. Those fears have been confirmed as seven in 10 (71%) managers have seen or picked up confidential documents left in the printer. This seemingly innocent workplace mistake isn't the only thing threatening information security, over three in four (77%) managers admit they have accidentally sent an email containing sensitive information to the wrong person. What's more, nearly nine in 10 (88%) have received an email containing sensitive information from someone within or outside of their organization they were not intended to receive.

"The report reveals two key factors about information security in North American businesses- employee negligence, intentional or not, can be a leading contributor to data breaches and that businesses should equally consider the needs for cybersecurity and physical information security within their organization," said Ann Nickolas, Senior Vice President, Stericycle, the provider of Shred-it information security solutions. "Although cybersecurity is no doubt an important element of protection, businesses should look to strike a balance between investing in physical security and cybersecurity, as well as integrating better communication with employees on risk factors, to best arm themselves against potential breaches"

When exploring physical security versus cybersecurity, the report found that less than two in five (39%) managers believe the protection of paper documents is just as important as the protection of electronic records. This may be why more than half (51%) of managers say their organization does not have a process for disposing of paper documents containing sensitive information.

Additional findings from the report include:
Tech and Business Managers Are Not Aligned on Security Responsibilities and Protocols

    --  A quarter (25%) of technology managers believe that CISOs are most
        responsible for granting access to paper documents or electronic devices
        containing sensitive or confidential information, compared to 1% of
        business managers
    --  22% of business managers believe no one function is most responsible,
        compared to 16% of technology managers.
        --  Sixteen percent of business managers believe the business owner is
            most responsible, compared to 6% of technology managers
    --  Fewer (32%) tech managers than business managers (42%) believe the
        protection of paper documents is just as important as the protection of
        electronic records
    --  Less than half (45%) of tech managers and more than half (53%) of
        business managers say their organization does not have a process for
        disposing of paper documents containing sensitive or confidential
        information after they're no longer needed
        --  After reviewing paper documents, more tech managers (41%) than
            business managers (30%) shred the documents, and more business
            managers (22%) than tech managers (19%) throw the documents in the
            garbage

Employees May Be Gaining Access to Sensitive or Confidential Information

    --  Organizations may not be taking all precautions to restrict employees
        from accessing physical paper documents they should not have access to:
        --  Only a third (33%) use physical security to prevent unauthorized
            access to document storage facilities
        --  Nearly two in five (38%) use filing cabinets or locked desks to
            store these document
        --  Less than a third (31%) enforce a clean desk policy
        --  Half (50%) of managers say their organization does not take any of
            these steps
    --  Nearly two thirds (60%) of managers agree employees, temporary employees
        and contractors have access to paper documents that are not pertinent to
        their role or responsibility

Managers Are Also Guilty of Neglecting Sensitive and Confidential Information

    --  More than half (51%) of managers have no process for disposing of paper
        documents containing sensitive or confidential information after they
        are no longer needed
    --  After reviewing a paper document, more than a fifth (21%) throw the
        document in the garbage
    --  The majority (54%) of managers have been targeted by a phishing email or
        social engineering scam at work, but only 39% of managers contacted
        their supervisor

About The Security of Confidential Documents in the Workplace Report:
Shred-it commissioned the Ponemon Institute to conduct a study of managers in a variety of business sectors. The study was conducted online in August and collected responses from 650 managers in IT security and non-IT positions in North America who are knowledgeable about their organization's strategy for the protection of confidential and sensitive information. Within the survey, "tech managers" refer to people in the following positions: CIO, CTO, CSO, CISCO and IT security technician/analyst. "Business managers" refer to people in the following positions: CFO, Controller, HR executive, Compliance Administration, Officer Manager, Senior Management and Business Owner.

About Shred-it
Shred-it is a world-leading information security service provided by Stericycle, Inc. Shred-it solutions ensure the security and integrity of private and confidential information, protecting more than 500,000 global, national and local businesses across 17 countries worldwide. For more information, please visit www.shredit.com.

View original content to download multimedia:http://www.prnewswire.com/news-releases/shred-it-study-finds-seemingly-innocent-workplace-mistakes-put-north-american-businesses-at-risk-for-data-breaches-300927646.html

SOURCE Shred-it

Related News

MinerEye Launches Data Breach Incident Response & Investigation Service to Battle the Increasing Cyber Risks of Mass Telecommuting

Information Security Forum Launches Threat Horizon 2022

Proctorio's Data Security Methodology Confirmed by Leading Information Security Company

Notice of Data Security Incident

RunSafe Security Appoints Veteran Security Experts to Technical Advisory Board

GTB Technologies' Data Loss Prevention (DLP) SDK with Multi-tenancy, The Next Disruption in Data Security

Technology Answers Call for Greater Public Safety, Crime Prevention

Fortress Information Security Adds New Partner In Securing U.S. Power Grid

View all News

Latest Procurements

Market Sounding - Defence Infrastructure Panel – Construction Major Works

To assist the Commonwealth of Australia (Commonwealth), represented by the Department of Defence, in considering the potential establishment of a standing offer for the undertaking of major construction works described...

ATM 24/2948 drone-mounted Magnetometer

Provision of a drone-mounted Magnetometer to the Australian Antarctic Division

ANSTO Engineering Design Services Panel

The ANSTO Engineering Panel will be established to support the design and development of new facilities, major projects, minor works, and ongoing building renovation and refurbishment needs across many different...

View all Procurementsp

Agenda

June

FranceParc des Expositions de Paris Nord Villepinte ZAC Paris Nord 2, 93420 Villepinte – France (Halls 5a – 5b – 6)

Eurosatory 2024, 17 - 21 June 2024, Parc des Expositions de Paris Nord Villepinte ZAC Paris Nord 2, 93420 Villepinte – France (Halls 5a – 5b – 6)

Eurosatory 2024 There can be no sustainable world without peace and security. Founded in 1967, the exhibition...

May

Paris Marriott Rive Gauche & Conference Center

Future Artillery, 21-23 May 2024, Paris Marriott Rive Gauche & Conference Center, France

DELIVERING FIRES IN THE MULTI-DOMAIN BATTLESPACE As artillery reasserts itself as the ‘King of Battlefield’ in the wake...

May

United Arab EmiratesADNEC (Abu Dhabi National Exhibition Centre), Abu Dhabi, Al Khaleej Al Arabi St - Al Rawdah - Al Ma'arid - Abu Dhabi, UAE

ISNR Abu Dhabi 2024, 21-23 May 2024, ADNEC (Abu Dhabi National Exhibition Centre), Abu Dhabi, Al Khaleej Al Arabi St - Al Rawdah - Al Ma'arid - Abu Dhabi, UAE

ISNR ACCELERATING TRANSFORMATION IN THE NATIONAL SECURITY ECOSYSTEM ISNR Abu Dhabi is the region’s most trusted...

View All Events

Companies

Senopex

Famesa

Aabco Engineering (M) Sdn Bhd

View All Companies