A lack of physical security still leads to data breaches but is being ignored, says study from Shred-It and Ponemon Institute

Do strong cybersecurity practises prevent all data breaches? Not according to a new study from Shred-it and the Ponemon Institute.

Preet Saini believes a lack of training and regulations are causing a lag in physical security. Credit: LinkedIn

The recent major data breaches in Canada have led many to put a lot more focus into cybersecurity for their companies, but the study from Shred-It outlines how a lack of physical security can also lead to data breaches and many people seem to have forgotten about it.

“Everything is online. So all of the resources get put towards methods to make sure that our internets are secure. Because of that, everybody does forget that there are uses for paper,” said Preet Saini, the manager of Stericycle, who are a provider of Shred-it products, said in an interview with ITbusiness.ca. “Increasingly, because we think we are doing a lot of things online, we forget about those smaller instances where we have to engage with physical documents or physical information. And there just aren’t enough protocols in place to make sure that those are properly taken care of.”

Often times, data breaches due to a lack of physical security are caused by simple negligence and common workplace behaviors, as opposed to malicious attacks, said Saini. The main culprits according to the study are not properly disposing of unused hard drives and devices, sending email to the wrong recipient (88 per cent surveyed said they have received such an email with confidential information), or leaving paper documents with confidential information around without properly disposal methods or storing it in a secure location (71 per cent of managers surveyed said they have encountered this).

What would appear to some as minute issues, can actually cause serious issues. In fact, the study shows that a staggering two out of three businesses in Canada have experienced a data breach over the last year, a stat that Saini said does not surprise him, mostly because of the lack of effort put into physical security.

“It wasn’t necessarily surprising, mainly because… with the digitization of the world happening, we’ve noticed that companies more and more are starting to neglect paper documents,” said Saini. “And unfortunately, it’s employee negligence that’s caused the main core of data breaches happening.”

And that negligence could be corrected by proper awareness training, said Saini.

“The biggest core reason behind the employee negligence is lack of training. Key members don’t know what they’re supposed to be spreading or what emails they can send or what data they should or should not have access to. People just don’t know what they don’t know. So there’s a lack of training.”

In addition to a lack of training, Saini said he sees a lack of proper regulations or a lack of communication of those regulations being instituted by companies, which furthers the confusion that employees are experiencing regarding confidential information.

“It’s going to happen when it’s a larger organization. Training and policies are not trickled down effectively from the top,” said Saini. “So when their training and policies are not communicated effectively, it’s tough for managers to roll that out to their team. Therefore there is a loss in confidence in them.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Buckley Smith
Buckley Smithhttps://www.itbusiness.ca
Staff writer for IT World Canada. Covering the world of technology as it applies to business. Buckley is an avid sports fan who loves travel, food, and music. Can be contacted at [email protected] or 416-290-2000.

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs