Human Error Seen as Leading Cause of Information Security Breaches

Canadian businesses can reduce the risk of data breaches caused by human error through auditing, training and implementation of protocols

Toronto, ON (June 2, 2016) – The sixth annual Shred-it Security Tracker Survey reveals that Canadian businesses view human error as the greatest risk to their information security but very few are implementing training programs and establishing protocols to help employees recognize these risks.

According to the 2016 Security Tracker Survey results, Canadian C-Suite Executives and Small Business Owners (SBOs) recognize that employee lack of knowledge and human error concerning information security protocols are the biggest threats to their company in the future: 41% and 47% respectively.

Despite this finding, Canadian businesses are not prioritizing employee training and auditing on company information security procedures and industry legal requirements. According to the study, 31% of C-Suite Executives say they train employees more than once a year on their industry’s legal compliance requirements and 39% of SBOs never conduct compliance training with employees. Additionally, 39% of SBOs never train employees on their company’s information security procedures, 31% only do it on an ad-hoc/as-needed basis and 47% only audit their policies every few years or less.

“With little training on information security procedures, employees are forced to make the decision as to what is and what isn’t considered confidential. Should they make an error in judgement, the organization can unintentionally be exposed to serious information security issues and the potential for fraud,” says, Andrew Lenardon, Global Director, Shred-it. “To mitigate this uncertainty and help employees understand their roles and responsibilities for data management, business leaders must conduct frequent training and test that training with audits of internal and external protocols.”

Businesses should consider training as an ongoing process in order to keep risks top-of-mind among employees and ensure the information security policies and procedures are being followed. However, the Security Tracker Survey results show that there is room for improvement. Approximately half of C-Suite Executives (57%) and less than half (43%) of SBOs have a protocol for storing and disposing of confidential paper data that is strictly adhered to by all employees, and 61% of C-Suite Executives and only 40% of SBOs have a protocol addressing electronic devices that is strictly adhered to by all employees.

“By failing to ensure employees understand and follow security policies, Canadian businesses are putting their organization and reputations at-risk by exposing valuable customer, employee and business data,” says Lenardon. “Regular training and auditing not only mitigates the risk of data breaches caused by human error or lack of knowledge of security practices, but also serves as a helpful reminder to employees to follow policies. Training and auditing is a critical part of every information security plan and are vital in reducing data breaches.”

To further help organizations reduce the risk of data breaches caused by human error, Shred-it offers three solutions to help small and large organizations safeguard their business information:

  • Shred-it All Policy: Only 28% of SBOs identify having a policy which requires ALL paper documents to be shredded and 33% have no policy in place. As a result, employees are forced to make the decision as to what should be shredded and what can be disposed of in a recycling bin or waste basket. Instituting a Shred-it All policy removes the choice by requiring all paper documents to be shredded before disposal or recycling. In addition, all shredded paper is recycled, adding an environmental benefit to an information security solution for businesses.
  • Clean Desk Policy: Unattended work stations pose a risk as loose paperwork and a messy desk are an easy target for theft. However, 53% of SBOs do not require employees to clear their desk of all documents when they leave their workstation for an extended period. Implementing a Clean Desk Policy encourages employees to clear their desks and lock-up documents before they leave for the end of the day or when away for an extended time. This helps safeguard all confidential data.
  • Destroying Hardware: Canadian C-Suite Executives (37%) and SBOs (38%) surveyed dispose of electronic confidential data by wiping and degaussing hard-drives in-house. Unfortunately, this method does not ensure the data stored on the hard drive is inaccessible and employees can be accidentally exposing confidential information when old hard-drives are sent to be recycling or reused. Organizations must require obsolete hard drives to be physically destroyed before disposal, as it’s the only way to safeguard the confidential information found on them.

Canadian businesses must prioritize regular employee training and policy auditing in order to protect workplace information security. When all employees understand how to manage and identify privacy risks, business leaders are in a better position to protect their customers, their reputation and their people. Implementing an information security program like Shred-it’s suite of Workplace Security Policies which includes a Shred-it All Policy, Document Management Policy, and a Clean Desk Policy, will help better manage the flow of workplace documents and mitigate the risk of human error-related fraud.

Every year, Shred-it develops the State of the Industry Report to highlight common Information Security trends and emerging challenges based on the Security Tracker’s key findings. Now in its fifth year this report provides comprehensive insights and tips on how businesses can protect and mitigate risks when it comes to information security. Download the current report to learn more about information security trends, as well as ways in which businesses, large and small, can protect their data.

Human Error Seen as Leading Cause of Information Breaches (Shred-it)

About Shred-it

Shred-it is a world-leading information security company providing information destruction services that ensure the security and integrity of our clients’ private information. A wholly, owned subsidiary of Stericycle, Shred-it operates in 170 markets throughout 18 countries worldwide, servicing more than 400,000 global, national and local businesses. For more information, please visit

About Ipsos

Ipsos ranks third in the global research industry. With a strong presence in 87 countries, Ipsos employs more than 16,000 people and has the ability to conduct research programs in more than 100 countries. Founded in France in 1975, Ipsos is controlled and managed by research professionals. They have built a solid Group around a multi-specialist positioning – Media and advertising research; Marketing research; Client and employee relationship management; Opinion & social research; Mobile, Online, Offline data collection and delivery.

Ipsos is listed on Eurolist – NYSE-Euronext. The company is part of the SBF 120 and the Mid-60 index and is eligible for the Deferred Settlement Service (SRD).

About the 2016 Security Tracker

Ipsos conducted a quantitative online survey of two distinct sample groups: small business owners in Canada (n=1,000), and C-Suite Executives working for businesses in Canada with a minimum of 100 employees (n=100). The precision of Ipsos online surveys are calculated via a credibility interval. In this case, the Canada SBO sample is considered accurate to within +/- 3.5 percentage points had small business owners been surveyed, and the Canada C-Suite sample is accurate to within +/- 11.2 percentage points had all C-Suites in been surveyed. The fieldwork was conducted between March 17 and March 23, 2016.