A new report by Shred-it found that most consumers consider physical and digital security a top priority for them when choosing who they should do business with.
The company’s Data Protection Report 2020 specifically notes that 86 per cent of consumers prefer to do business with companies that prioritize protecting their data. The report also reveals that 43 per cent of Canadian C-suites (executives) and 12 per cent of SBOs (small business owners) have experienced a data breach, with the most common cause being human error.
“Data breaches can have devastating financial impacts on businesses, including legal fees, declining brand equity, the loss of customers, regulatory demands, and fines,” said Shred-it in its report. “It is critical that businesses act to both prevent breaches and minimize the impact should they occur.”
This, coupled with high-profile data breaches over the last decade, have led to consumers becoming increasingly skeptical that organizations are able to protect their information from threats like malware, ransomware, and phishing. Or in terms of physical risks — paper documents, laptop and desktop computers, and external hard drives that contain their personal data.
Furthermore, 53 per cent of Canadians do not believe businesses report all their data breaches.
Shred-it’s report also indicates that training and enforcement are lacking in businesses, with 62 per cent of C-suites and 40 per cent of SBOs believing their organization has a policy for storing and disposing of confidential paper documents. But for 30 per cent of C-suites and 64 per cent of SBOs, there is no regular employee training on their information security policies or procedures.
“Surveyed prior to the COVID-19 pandemic, 76 per cent of C-suites and 51 per cent of SBOs reported having employees who regularly or periodically work off-site. Shred-it research highlights the critical need for businesses to implement policies for storing and disposing of confidential information when employees work remotely,” said Shred-it.
Research conducted by the Ponemon Institute indicates the average cost of a data breach in Canada has increased significantly — up to $5.94 million in 2020. However, businesses with an incident response team that extensively tested their plan experienced a less severe data breach in terms of costs — $2.64 million less, on average, compared to businesses that did not have a plan in place.
“This research also shows that it pays to be prepared,” said Shred-it.
Specific to automotive, the report shows 65 per cent of automotive businesses do not think a data breach is likely within the next five years. Key findings also point to 28 per cent of auto businesses as not training employees on how to identify common cyber-attack threats, such as malware, ransomware, and phishing.
Thirty per cent will train, but only once. And only thirty one per cent of auto businesses believe that data breaches are serious.
“With approximately 1.9 million cars sold across Canada in 2019, dealerships handled a corresponding 1.9 million credit scores, drivers’ licenses, insurance information, and other personal data,” said Shred-it. “Despite this reality, tremendous complacency was observed in this industry when it comes to placing themselves at an increased risk of experiencing a data breach.”
The report found that 46 per cent of employees work remotely or away from the office on a regular basis, but that 33 per cent of C-suites and SBOs have no policy in place for storing and disposing of confidential data when employees work remotely.
“As an industry that relies on reputation and relationship building, similar to that of a financial institution, data security must be a main pillar of client service,” said Shred-it.
The report offers a few guidelines on what dealers can do to secure both physical (document) and media destruction.
For physical, the report states that businesses should:
- Shred before recycling to reduce the chance that unattended paper could leave an organization;
- Store all documents to be shredded in a secure console; and
- Shred using a reliable professional service with a secure chain of custody that includes on-site destruction.
For media, the report states that businesses should:
- Implement a secure destruction policy of electronic media, such as hard drives and digital;
- Avoid stockpiling old electronic media and regularly cleaning out storage facilities;
- Use a secure method to dispose of hard drives and electronics before materials; and
- Work with a specialist who maintains a tight chain of custody to ensure the secure destruction of electronic media.
For greater protection, dealers may need to consider cyber insurance, strong employee training, and ensure employees working remotely adhere to company policies.
“An urgent focus in training and policy development will help employees protect sensitive business and customer data from cyber-attacks and minimize risks around physical documents,” said Shred-it.
To download the full report, click here.
