In 2022, protecting personal and sensitive information will encompass an assortment of unique and ongoing challenges. As workplaces fluctuate between remote or flexible working, the information security landscape is adapting as well, and businesses need to be more agile than ever to ensure data protection doesn’t fall through the cracks.
Here are the top trends you need to factor into your information security strategies.
The Incidence of Data Breaches Continues to Grow—and They’re Not Just Digital
Data breaches can have serious consequences, including damaged reputations, fines, and loss of customers. Our 2021 Data Protection Report (DPR) found that 1 in 4 businesses fear that an attempted data breach is very likely for their company in the next 12 months.
To minimize their risk, businesses need to take steps to prevent against physical data breaches—not just digital ones. A recent report from Verizon shows that physical breaches with known data disclosure accounted for 43% of breached assets.
Some of the common behaviors that can result in physical data breaches include:
- Leaving documents unattended in public spaces when not in use. In offices, this can include desks and common areas, such as meeting rooms or printers. For remote workers, this includes any spaces that are accessible to others.
- Stockpiling outdated IT equipment such as old hard drives—particularly when access is not limited to a key administrator.
Remote Working Becomes Flexible Working
The year 2022 is predicted to see a rise in some businesses establishing a new normal, where more employees return to in-office working on a part-time basis and continue to spend some days working from home. This poses a number of unique challenges:
- New working dynamics could mean increased opportunity for risk. With employees splitting time between on- and off-site work locations, businesses must be cognizant that data could be put at risk through simple human error. For instance, if an employee mistakenly forgets to secure a document before leaving for the day, it could be left out in the open until they return. In a hybrid working model, it could be several days before the employee returns to the office.
- Similarly, some companies may choose to offer “on-demand” or flexible workspaces, often known as hoteling stations, which can be used as needed, versus traditional office set-ups that provide employees with permanently assigned spots. If documents are not secured, they could be accessed by anyone who visits the workspace next. Adding to the risk, with employees entering the office on unfixed schedules, it may be challenging to track who was present when a data breach occurred.
- Working from home will continue to present a serious risk as well. According to the 2021 DPR, 25% of employees working off-site dispose of printed documents in their personal trash or recycling bin, despite potentially containing sensitive or proprietary company information.
Employees Are a Weak Link In the Chain of Security
One of the most significant barriers to data security in 2022 will continue to be employees. While accidental data loss can happen, it’s far from the only risk posed by employees.
- Ensuring adherence to information security policies is among the critical challenges businesses face, and employees' lack of understanding of the threats and risks to the organization can be a barrier to this.
- Unfortunately, human error and lack of knowledge are not the only employee data security challenges companies will face. The 2021 DPR shows that malicious insiders also pose a significant threat. In fact, more than half (53%) of data breaches among those surveyed were caused by malicious insiders in 2021, compared to 22% from employee error.
TIPS TO HELP YOU STAY AHEAD OF SECURITY RISKS
- Establish a culture of security with effective policies. Implement a Clean Desk Policy for both on-site and remote workers, as well as a Shred-it All™ Policy so employees are clear on data protection expectations, and ensure the policies are enforced. Consider offering incentives for success.
- Know your data. Ensure your data protection plans encompass both electronic and physical information and consider how it is retained, protected, and destroyed, in alignment with statutory guidelines.
- Provide role-based training. Ensure employees fully understand and can implement data protection policies by implementing hands-on training initiatives such as simulations.
With possible impacts of a data breach including damaged reputation, financial loss, and turnover, investing in data protection is no longer optional. Shred-it can help you stay on top of information security challenges to safeguard your data and the well-being of your business. Learn more about how we can help protect your organization.