Survey: data protection policies not up to the job

After big banks’ cyber security breach, report reveals clients’ deep concerns are not being met

Survey: data protection policies not up to the job

The BMO and CIBC data breaches reinforced consumers’ deep concerns about handing over personal data to the financial industry, according to an industry insider.

This worry is only heightened by the increasing popularity of workplace mobility, according to new findings from Shred-it, as employees carry out tasks out of the office.

The firm’s State of the Industry Report exposes information and data security risks threatening Canadian enterprises and small businesses, with the Shred-it Security Tracker survey also highlighting the fact that 85% of consumers say data protection is the most important thing when choosing a financial institution.

A further 64% of clients concede they are concerned about the security of their confidential information when banking online, while 37% are worried about providing information in-person at a branch.

Paul Saabas, senior vice president of Shred-it said that despite trends towards workplace mobility, “we don’t think that, based on the survey findings, that Canadian businesses are implementing the proper data protection policies and staff training, which heightens the risk of a data breach”.

He added: “It’s been a trust industry for a long time and there have been enough examples of where trust has been lost and those businesses don’t exist anymore.”

Last month, two of Canada’s Big Five banks admitted they had been involved in a cyber security attack, with the Bank of Montreal and CIBC’s Simplii Financial online service having tens of thousands of customers’ details hacked.

Saabas said that this just ties into the fact that the industry needs to provide consumers with the certainty that their data is not being subjected to this possibility, or risk losing their business.

He said: “BMO and CIBC are indicators that certainly help, highlight and bring it forward. Undoubtedly, I think that the issues in many organizations I’ve seen over 11 years in the shredding business is that a lot of times they say, yes, they know they need to do something. However, it takes an event to make it happen.”

Saabas said the survey shows this is the biggest concern among investors and consumers, and said that horror stories put the frighteners up people. “A person wants to make sure that what they’ve saved and invested continues to be theirs, and doesn’t belong to someone else because they got hacked.”

He also emphasizes that, in Shred-it’s view, Canadian businesses are not implementing the proper data protection policies and staff training around workplace mobility, which 76% of consumers believe increases the chance of a data breach. He said this is particularly relevant when dealing with millennials, who are “very loose” when it comes to their information while working.

Saabas said there are four areas that companies can address to minimize this risk, with the most important being to develop a mobile device corporate policy, with password protection on laptops, phones and further protection around Wi-Fi hackers.

Other pointers include: securing physical access to the information; evaluating third-party access to information and auditing the security and policy or vendors; and having a proper hard drive destruction policy.