May 02, 2022
An organization’s reputation can be one of its most valuable assets. According to a 2021 survey from PwC, companies with high consumer trust are more likely to have customer loyalty, a growing customer base, revenue growth, and access to financing. Shred-it's 2021 Data Protection Report similarly found that 4 out of 5 consumers surveyed decide which company to do business with based on its reputation for data security. On top of that, according to Zendesk, about half of consumers will switch brands after one bad experience.
These findings highlight that information security can play a huge role in consumer behaviours. Despite these trends, 2021 was one of the worst years for data breaches in history. According to RBS, there were 101 publicly disclosed breaches in Canada in 2021. Shred-it's Data Protection Report found that 38% of consumers surveyed had been impacted by a data breach in 2021.
The increase in data breaches is costly and inefficient, and it can damage and even destroy a company’s reputation. To help mitigate these risks and build trust with customers, leaders should understand the basics of protecting confidential information in the era of data breaches.
What Is Considered Confidential Data?
The term “confidential data”, as used here, generally refers to any nonpublic information. This can include confidential business information, such as proprietary information or pricing, or personal information, such as an individual's name, address, email address, IP address, social insurance number, and/or telephone number.
Depending on the industry, certain confidential information may be regulated. Healthcare providers, for example, are responsible for restricting the disclosure of protected health information per Canadian Healthcare Privacy Legislation. Most provinces and territories have their own healthcare privacy legislation. In Ontario, the Personal Health Information Protection Act (PHIPA) gives individuals the right to be notified of the theft or loss or of the unauthorized use or disclosure of personal health information. Additionally, private-sector organizations across Canada that collect, use or disclose personal information in the course of a commercial activity are subject to the Personal Information Protection and Electronic Documents Act (PIPEDA).
What Are the Potential Causes of a Data Breach?
The businesses surveyed in Shred-it's 2021 Data Protection Report identified four major sources of a data breach: malicious outsiders, malicious insiders, partners and suppliers, and employee error. The report found that 29% of all data breaches involved malicious insiders: employees inside an organization who share confidential information with outside sources. This contradicts the belief that only hackers and cybercriminals are responsible for data breaches.
While not the largest source of data breaches, breaches involving employee error accounted for 17% of all data breaches reported in the survey. Organizations can help mitigate this type of data breach by implementing policies that outline information security and privacy guidelines and provide ongoing data security training—on both digital and physical risks.
Which Industries and Company Types Are Potentially at Risk for a Data Breach?
The 2021 Data Protection Report found that organizations surveyed in the insurance (75%), real estate (69%), and healthcare (56%) sectors are the most likely to have experienced a data breach. However, any organization that stores large amounts of confidential data, including financial and professional services firms, is at risk of a data breach.
The report also found that nearly half of large businesses surveyed have experienced a data breach, up from 43% in 2020. However, while data breaches at large companies often get the most attention, data breaches at small and medium-sized businesses are also on the rise. In 2021, 50% of small and medium-sized businesses (defined in the survey as having fewer than 499 employees) reported a data breach, a significant jump from 12% in 2020. This highlights that any organization, large or small, can fall victim to a data breach.
How Can Remote and Hybrid Work Models Affect Data Confidentiality?
Some experts attribute a rise in data breach risks to the COVID-19 pandemic, which contributed to many employees working from home. As a result, businesses’ physical confidential information was spread out across home workspaces instead of the one centralized location—the office. Employees may have also disposed of confidential documents in their home trash rather than through a secure document destruction process. Further, digital confidential information is potentially at risk due to the use of home Wi-Fi networks that may have fewer security controls compared to an office network. This decentralization invites more opportunities for data breaches and malicious actors.
As many businesses continue to use remote and hybrid work models, it is important that they consider the data security risks of at-home settings and put policies in place to help address them.
How Can Companies Take Steps to Protect Confidential Data?
Companies can employ a wide range of strategies to help reduce their chances of experiencing a data breach. Some of these actions include: