Information security policies and procedures play an important part in protecting small businesses from the risk of a data breach, but many small businesses undermine their efforts by failing to properly train their employees. According to the 2015 Shred-it Security Tracker, 69 per cent of small businesses either don't train employees on information security procedures or only train on an ad hoc basis.
"Eighty-two per cent of small business owners are at least somewhat aware of their legal obligations for storing and disposing of confidential data," says Bruce Andrew, SVP, Shred-it. "If that doesn't translate into strict information security protocols and training, then they're exposing their businesses to significant risks."
Many small businesses may overlook the development of information security protocols and the training of employees due to limited resources. However, exposure to the risk of a data breach may end up costing the business more in the long run. According to the Ponemon Institute, the average cost of a single lost or stolen record is $2501. Furthermore, the same report shows that among the countries studied, breaches due to human error are highest in Canada—employee training is an investment that pays long-term dividends.
"It's important for small businesses to realize that every step they take to improve their information security protocols and training helps," says Andrew. "From teaching employees to shred documents they no longer need to mandating the encryption of mobile devices, arming employees with the knowledge they need helps protect organizations from the risk of a data breach."
Luckily for small businesses, there are some simple and easy-to-implement ways that will educate employees and help protect data in your organization. Shred-it is helping small business owners with convenient and executable reminders to place throughout the office that will help ensure employees know their information security responsibilities.