S. Cory White is the Executive Vice President and Chief Commercial Officer at Stericycle.
getty
The world we live and work in today is drastically different than just a few years ago. A global pandemic has changed the way we work and collaborate within our organizations and with customers.
Now companies are facing increased pressures to maintain reliable digital and physical data security in a hybrid work environment. Even with advancing technologies, companies remain vulnerable to information security threats—in fact, data breaches increased by 68% from 2020 to 2021.
Data protection strategies are vital in combatting data breaches and should be regularly updated and amended to meet the evolving data security landscape. This is especially true for small businesses, as the financial impact of a data breach could cripple them as they face regulatory actions and fines, legal fees and potential loss of customers.
In support of small businesses, my organization, Stericycle, recently released its annual Shred-it 2022 Data Protection Report (DPR). In this article, I am going to break down three key insights for small-business leaders (SBLs) to consider as well as actionable recommendations to address their data protection challenges.
1. Don’t forget about securing your physical data.
Two out of three small-business leaders in our report indicate that they spent more money on data and information protection measures this year than ever before. Small businesses have a responsibility to plan for data breaches or risk a major fiscal toll if an incident occurs. However, proper preparation requires understanding the risks themselves.
Our report found that the vast majority of SBLs (91%) believe that physical and digital data protection are equally important. However, only 27% of small businesses said they collect and destroy physical sensitive materials when no longer needed, such as printed materials and hard drives. This leaves a substantial gap in risk prevention, as our study revealed that 43% of 2021 incidents were physical. This is supported by a report from Deloitte identifying “the convergence of physical security and cybersecurity” as one of the major emerging threats to remain mindful of as we enter the post-pandemic future.
To address this gap, small businesses need to invest in both digital and physical security.
In terms of physical data vulnerabilities, part of the responsibility falls on employees. People might leave their documents on shared surfaces, keep technological devices open and unlocked or position their computer screens facing unauthorized personnel. Implementing and enforcing record retention and destruction policies in both office and remote work settings can help improve physical data security protocols.
A clean desk policy, for example, helps ensure that all sensitive physical documents are either stored or destroyed each time an employee leaves their desk, which helps prevent information theft. Businesses should also collect all documents that are no longer needed in a secure, locked container to be shredded.
2. Remember that education is key in data protection efforts.
Despite best efforts, 90% of SBLs in our study admit it has never been harder to keep their company’s sensitive data and information safe. They find that remote work (69%), employee turnover (63%) and supply chain vulnerabilities (60%) are the biggest drivers of their data protection challenges today.
Further, 67% of SBLs fear that their employees don’t know best practices to prevent a data breach. Verizon’s latest report also echoes this finding, revealing that human error “continues to beset this industry as it has for the past several years.” The most common error continues to be misdelivery at 36%, followed by other threats, including misuse and phishing. So this fear isn’t unwarranted.
Small businesses can benefit from mandating regular data security training for all employees. Training can help ensure employees are able to identify data security threats, understand their roles in mitigating the effects of an incident and understand these procedures in the context of current regulations.
In addition to regular training and continuous reminders of cyber hygiene habits, all new hires should also undergo in-depth security training as part of the onboarding process. This is particularly important during periods of employee transition like the “Great Reshuffle” we’ve witnessed recently.
3. The right partner can help you navigate a changing regulatory landscape.
While SBLs see the value of data and information protection regulations—calling them necessary (46%) and beneficial (38%)— more than half also say they struggle with compliance due to regulatory changes and lack of key resources. Large businesses often have more resources in the form of staff, tools and funding to meet and even get ahead of changing data and information protection regulations.
Many small businesses do not have a dedicated compliance or IT team to help them navigate changing regulations. In fact, 55% of SBLs in our study said they do not have adequate resources or support to navigate today’s data and information protection regulations.
As SBLs worry that changing regulations will become more difficult and complex, many are opting to collaborate with a trusted third-party security partner who can help small businesses comply with the shifting regulatory landscape.
In our study, over 90% of SBLs report wanting a trusted partner to help them comply with regulations. They specifically desire someone who understands changing regulations and is knowledgeable of their legal obligations when it comes to data and information protection. The right partner can help SBLs navigate this difficult environment and feel more confident in their organization’s ability to protect their company’s sensitive data and information.
Now is the time to take control of your company’s data protection.
The last few years have created more security challenges for small businesses than ever before. SBLs know that data security is a necessary foundational element in building and retaining strong relationships with their customers, employees and partners.
These key insights and recommendations are just three small steps SBLs can take toward better data protection, setting their brand and bottom line up for future success.
Forbes Business Development Council is an invitation-only community for sales and biz dev executives. Do I qualify?
