Shred-it Study Finds Seemingly Innocent Workplace Mistakes Put North American Businesses At Risk For Data Breaches

New Report Finds 71 Percent of Managers Have Seen Confidential Documents Left on the Printer, 77 Percent Have Accidentally Sent an Email Containing Sensitive Information to the Wrong Person

Two thirds (68%) of businesses reported their organization has experienced at least one data breach in the past 12 months, and nearly three in four (69%) of those data breaches involved the loss or theft of paper documents or electronic devices containing sensitive information. That is according to a new report from Shred-it “The Security of Confidential Documents in the Workplace,” conducted by the Ponemon Institute, which reveals the discrepancy in priority between cybersecurity and physical security, and the mistakes employees and managers make that may be contributing to a rise in data breaches.

According to the report, typical workplace occurrences may be at the root of the problem as 65% of managers are concerned their employees or contractors have printed and left behind a document that could lead to a data breach. Those fears have been confirmed as seven in 10 (71%) managers have seen or picked up confidential documents left in the printer. This seemingly innocent workplace mistake isn’t the only thing threatening information security, over three in four (77%) managers admit they have accidentally sent an email containing sensitive information to the wrong person. What’s more, nearly nine in 10 (88%) have received an email containing sensitive information from someone within or outside of their organization they were not intended to receive.

HR Technology News: Amazon Career Day – More Than 200,000 Applications For Jobs At Amazon

“The report reveals two key factors about information security in North American businesses– employee negligence, intentional or not, can be a leading contributor to data breaches and that businesses should equally consider the needs for cybersecurity and physical information security within their organization,” said Ann Nickolas, Senior Vice President, Stericycle, the provider of Shred-it information security solutions. “Although cybersecurity is no doubt an important element of protection, businesses should look to strike a balance between investing in physical security and cybersecurity, as well as integrating better communication with employees on risk factors, to best arm themselves against potential breaches”

When exploring physical security versus cybersecurity, the report found that less than two in five (39%) managers believe the protection of paper documents is just as important as the protection of electronic records. This may be why more than half (51%) of managers say their organization does not have a process for disposing of paper documents containing sensitive information.

Additional findings from the report include:
Tech and Business Managers Are Not Aligned on Security Responsibilities and Protocols

  • A quarter (25%) of technology managers believe that CISOs are most responsible for granting access to paper documents or electronic devices containing sensitive or confidential information, compared to 1% of business managers
  • 22% of business managers believe no one function is most responsible, compared to 16% of technology managers.
    • Sixteen percent of business managers believe the business owner is most responsible, compared to 6% of technology managers
  • Fewer (32%) tech managers than business managers (42%) believe the protection of paper documents is just as important as the protection of electronic records
  • Less than half (45%) of tech managers and more than half (53%) of business managers say their organization does not have a process for disposing of paper documents containing sensitive or confidential information after they’re no longer needed
    • After reviewing paper documents, more tech managers (41%) than business managers (30%) shred the documents, and more business managers (22%) than tech managers (19%) throw the documents in the garbage

HR Technology News: Crain’s Notable Women In Education Leadership Recognizes Jeannine Kunz

Employees May Be Gaining Access to Sensitive or Confidential Information

  • Organizations may not be taking all precautions to restrict employees from accessing physical paper documents they should not have access to:
    • Only a third (33%) use physical security to prevent unauthorized access to document storage facilities
    • Nearly two in five (38%) use filing cabinets or locked desks to store these document
    • Less than a third (31%) enforce a clean desk policy
    • Half (50%) of managers say their organization does not take any of these steps
  • Nearly two thirds (60%) of managers agree employees, temporary employees and contractors have access to paper documents that are not pertinent to their role or responsibility

Managers Are Also Guilty of Neglecting Sensitive and Confidential Information

  • More than half (51%) of managers have no process for disposing of paper documents containing sensitive or confidential information after they are no longer needed
  • After reviewing a paper document, more than a fifth (21%) throw the document in the garbage
  • The majority (54%) of managers have been targeted by a phishing email or social engineering scam at work, but only 39% of managers contacted their supervisor

HR Technology News: Cox Enterprises Appoints John Kovac As Senior Vice President, Brand, Marketing And Creative