Is Your Business Trustworthy? Your Employees Are Key
One day soon you may see a company advertise the fact that it is ‘data breach free’.
It’s not as ‘out there’ as it may seem…
A 2013 survey by YouGov for Check Point Software showed that 77% of consumers said they would choose to buy from a company that had not had a data breach or leak, over one that had.
This sentiment is reflected in the massive plummet in consumer confidence following recent serious data breaches at major brands including eBay and Target (the number two retailer in the US).
Of course, it’s not a big surprise that consumers have lost trust in business and government to safeguard their personal information. The number of reported data breaches from both public and private sectors has skyrocketed in recent years. And the media have played their part in fuelling public concern, revelling in the horror stories of lost laptops, documents left on trains and supposedly destroyed hard drives full of personal data appearing in online auctions.
But here’s the real shocker from the YouGov poll. It showed that many of the respondents knowingly take risks with potentially sensitive data when they are at work.
Of the 2,061 people who were surveyed and who sometimes work away from their office, over half had risked committing a breach by being careless with sensitive information (for example, using unencrypted USB sticks or forwarding emails to personal addresses). They said they either ignore their company’s security policies outright or they’re just not aware of any.
This issue becomes all too apparent in the results of Shred-it’s 2014 Security Tracker Survey conducted by Ipsos Mori. It found that only half (54%) of SMEs and two thirds (68%) of large businesses have a protocol for storing and disposing of confidential waste documents and data that is actually followed consistently by employees. Makes you wonder what the other half and third (respectively) are up to!
“The way you treat your employees is the way they will treat your customers”. If Richard Branson’s now famous quote is true (and let’s face it – he probably knows a thing or two about the subject), then it follows that if companies are not impressing on their staff the importance of data security, employees are unlikely to treat customer information with the degree of care it needs and deserves.
In an era when volumes of, and accessibility to, data is increasing exponentially it’s more important than ever for all organisations - large and small, public and private - to have an information security programme… and to ensure that their employees actually buy in to and follow it.
Here are three questions you may want to ask yourself when thinking about data security in your organisation:
Does our workplace culture value and respect confidentiality and privacy?
Do we have a clear information security strategy and policy that complies with data protection legislation and best practice?
Are our employees educated and engaged in information security issues in our organisation and do they understand the crucial role they play?
If any of this is ringing alarm bells for your business or workplace, you can find further help and information in one of our recent newsletters It's all about trust: How to establish and maintain trust by developing a culture of security.