By Kal Irani
Retail is looking different this year, with more consumers turning to online shopping platforms. According to Statistics Canada, over the years retail eCommerce sales have become more prominent, reaching a record $3.9 billion in May 2020 alone, a 2.3 percent increase since February, and a whopping 110.8 percent increase compared to May 2019.
While a rise in online commerce brings convenience for consumers, it also holds risks for consumer and company data. In fact, recent research conducted by Shred-it indicates many Canadian organizations are inadvertently letting client and company data protection fall to the wayside.
Despite most consumers reporting physical and digital security as a top priority when choosing who to do business with, more than half (56 percent) of C-suites and 29 percent of small business owners report that their organization is likely to suffer a data breach within the next five years.
As we look back on months of drastic and unprecedented change in 2020, and ahead to a new year filled with uncertainty, it has never been more important for businesses to strengthen consumer loyalty by prioritizing data protection.
Data protection key trust element
When consumers provide their personal information to a company such as payment/credit card details, email addresses and physical addresses, they expect it to be kept safe.
But when it is not, it can fall into the hands of those with nefarious intentions, potentially damaging trust, the company’s reputation and the bottom line. In fact, as many as one in three consumers affected by a data breach would tell others about it or lose trust and demand to know what is being done to prevent future breaches.
While nearly one in four consumers would seek compensation or stop doing business with an affected company altogether, data breaches, no matter the severity, are catalysts for diminishing consumer trust and a potential revenue hit.
Employee training, policies critical
With human error reported as the most common cause of a data breach, and a decline in employee training, Canadian businesses should re-evaluate their current training practices to identify areas of improvement to protect their information.
This lack of employee training on information security is particularly prominent for small businesses, where only 34 percent have regular training on digital and cyber threats. Larger organizations are better but far from perfect. While the majority have some form of training, only 35 percent offer frequent staff training (at least twice per year).
To mitigate the risk of experiencing a data breach and to maintain a favourable relationship with consumers, businesses of all sizes should reassess their current data security practices or they could experience a loss of consumer trust.
What companies can do
The good news is that businesses large and small can strengthen consumer trust and reassure them and employees by implementing a few key information security strategies.
1. Regularly update workplace policies. Ensure all company policies are up-to-date and that employees are aware of these policies and adhere to them. This includes both computer security measures (passwords, encryption, firewalls, anti-virus software, event monitoring tools, etc.) and physical security measures (such as a Clean Desk Policy).
2. Offer frequent employee training. Employees can be a company’s greatest strength but also its greatest weakness when it comes to information security. When provided with the right training, employees can protect the company from data breaches by alerting IT departments of phishing scams or by properly storing and disposing of confidential information on physical documents and end-of-life devices. Continual employee training is crucial for building and maintaining a culture of information security and privacy compliance within an organization.
3. Continue to prioritize physical and digital data security. Physical and digital document security are equally important, and businesses should continue to prioritize both to reduce the risk of data breaches. Only 7 percent of C-suites report their businesses operate in a paperless environment, yet alarmingly, leaders have decreased their policies around storing and disposing of confidential information by 13 percent this year, creating a greater threat for physical information theft.
Overall, it’s best to work with a National Association for Information Destruction (NAID) professional, such as Shred-it, to properly dispose of sensitive, confidential information. Professional document shredding has become the unofficial industry standard for safely destroying confidential data.
4. Proactively plan for the worst-case scenario. Data breaches happen, and it is better to have a plan for managing them than to be caught without one. Embrace risk planning and compliance while ensuring all employee training policies are up-to-date and frequently reviewed. Technology moves quickly, so staying ahead of the curve is a best practice for keeping confidential consumer data secure.
5. Be as transparent as possible. Ensure consumers are aware of what data is collected and retained, how it is stored and protected, for how long it is kept available, and how it is eventually destroyed once no longer needed. Providing transparency up front will help consumers feel more at ease knowing exactly what is being done to protect their data and how committed the organization is to security.
6. Honesty is the best policy. When a data breach happens, be ready to notify all at-risk and/or affected parties immediately. Be open, honest and transparent about what happened and give impacted consumers clear options for what happens next. Make sure to explain what steps your organization is taking to ensure a data breach does not happen again.
Not investing the proper time and resources toward better policies for safely storing and disposing of confidential information puts your organization at risk. With threats including data breaches, irreparable loss of consumer trust, and a hit to the bottom line, every business should have a reliable and well-developed data protection policy in place.
Kal Irani is vice president of go-to-market at Stericycle, provider of Shred-it information security solutions. Shred-it is an information security service provided by Stericycle, Inc. Shred-it’s leading information destruction solutions ensure the security and integrity of private and confidential information, protecting global, national, and local businesses across 14 countries worldwide. For more information, please visit www.shredit.com.