Two thirds (68%) of businesses reported their organization has experienced at least one data breach in the past 12 months, and nearly three in four (69%) of those data breaches involved the loss or theft of paper documents or electronic devices containing sensitive information, according to the Shred-it report conducted by the Ponemon Institute.
According to the report, typical workplace occurrences may be at the root of the problem as 65% of managers are concerned their employees or contractors have printed and left behind a document that could lead to a data breach.
Those fears have been confirmed as seven in 10 (71%) managers have seen or picked up confidential documents left in the printer. This seemingly innocent workplace mistake isn’t the only thing threatening information security, over three in four (77%) managers admit they have accidentally sent an email containing sensitive information to the wrong person.
What’s more, nearly nine in 10 (88%) have received an email containing sensitive information from someone within or outside of their organization they were not intended to receive.
“The report reveals two key factors about information security in North American businesses– employee negligence, intentional or not, can be a leading contributor to data breaches and that businesses should equally consider the needs for cybersecurity and physical information security within their organization,” said Ann Nickolas, Senior VP, Stericycle.
“Although cybersecurity is no doubt an important element of protection, businesses should look to strike a balance between investing in physical security and cybersecurity, as well as integrating better communication with employees on risk factors, to best arm themselves against potential breaches”
When exploring physical security versus cybersecurity, the report found that less than two in five (39%) managers believe the protection of paper documents is just as important as the protection of electronic records. This may be why more than half (51%) of managers say their organization does not have a process for disposing of paper documents containing sensitive information.
Tech and business managers are not aligned on security responsibilities and protocols
- A quarter (25%) of technology managers believe that CISOs are most responsible for granting access to paper documents or electronic devices containing sensitive or confidential information, compared to 1% of business managers
- 22% of business managers believe no one function is most responsible, compared to 16% of technology managers.
- Sixteen percent of business managers believe the business owner is most responsible, compared to 6% of technology managers.
- Fewer (32%) tech managers than business managers (42%) believe the protection of paper documents is just as important as the protection of electronic records.
- Less than half (45%) of tech managers and more than half (53%) of business managers say their organization does not have a process for disposing of paper documents containing sensitive or confidential information after they’re no longer needed.
- After reviewing paper documents, more tech managers (41%) than business managers (30%) shred the documents, and more business managers (22%) than tech managers (19%) throw the documents in the garbage.
Employees may be gaining access to sensitive or confidential information
Organizations may not be taking all precautions to restrict employees from accessing physical paper documents they should not have access to:
- Only a third (33%) use physical security to prevent unauthorized access to document storage facilities
- Nearly two in five (38%) use filing cabinets or locked desks to store these documents
- Less than a third (31%) enforce a clean desk policy
- Half (50%) of managers say their organization does not take any of these steps
Nearly two thirds (60%) of managers agree employees, temporary employees and contractors have access to paper documents that are not pertinent to their role or responsibility.
Managers are also guilty of neglecting sensitive and confidential information
- More than half (51%) of managers have no process for disposing of paper documents containing sensitive or confidential information after they are no longer needed
- After reviewing a paper document, more than a fifth (21%) throw the document in the garbage
- The majority (54%) of managers have been targeted by a phishing email or social engineering scam at work, but only 39% of managers contacted their supervisor