Data breaches mean bankruptcy for small businesses

A blue workplace recycling bin. Stock photo by Getty Images

Recycling bins are standard at most workstations, but those little blue boxes can trigger a data breach that can be deadly for most small businesses.

More than 70 per cent of leaked or stolen information — electronic or paper — stems from employees carelessly handling sensitive files and documents.

“It’s happening more often inside the building than it is outside,” confesses Bruce Andrew, a marketing executive at Shred-it. He says this “inadvertent stealing” can be in the form of tossing an employee file in a recycling bin, or sending a file or e-mail over an unprotected network.

The average cost of a data breach in Canada is $5.3 million, according to Shred-it’s recently released Security Tracker 5.0 report.

“Small businesses can’t recover from that; it can put them out of business,” stresses Andrews.

And while the government and security companies like Shred-it have been banging the drum on this issue for many years, small businesses remain woefully unprepared for the consequences.

Nearly 40 per cent of the small companies surveyed in the report, conducted by Ipsos Reid, said they didn’t have a policy in place for storing or deleting confidential documents.

“They aren’t even aware of the laws and compliance issues related to information security and information destruction,” says Andrews, who adds most believe they are too small to merit any attention from hackers or dumpster divers.

However, Andrews warns: “Thieves don’t discriminate.”

Unlike larger companies that have security and public relations departments to help them recover, small businesses don’t have the same resources.

They also lag their larger competitors in making sure security protocols are enforced, with a shocking 36 per cent admitting they have never trained their staff.

Andrews, however, has some easy tips employers can implement to help safeguard their businesses:

  • lock file cabinets;
  • eliminate recycling bins;
  • use laptop locks;
  • encrypt smartphones;
  • limit access to certain network folders;
  • install anti-malware on all computers.

Security breaches can quickly cripple a business’s reputation, because customers go away and they never return.

At the end of the day the best defence is a simple one.

“Just shred everything you’ve got,” says Andrews. “Don’t leave the decision in the hands of your employee who has to decide what to do.”

Find a Lawyer