C-suite executives are calling for stricter legislation on data security, while small-business owners are grossly underestimating its importance, according to a new, independent survey from Ipsos Reid, commissioned by information security company Shred-it.

According to the study, 95 percent of C-suite respondents are aware of the legal requirements of storing, keeping and disposing of confidential data, 18 percent more than small-business owners (77 percent).

Although it does mark a 1 percent improvement from 2011, 35 percent of small-business owners do not have a known or understood protocol in place for storing or disposing of confidential data.

In terms of training, 27 percent of C-suite respondents train staff twice a year on the company’s information procedures, while 28 percent of small-business respondents do not train their staff on these protocols at all, the study reported.

Sixty-one percent of the C-suite respondents have a management-level employee responsible for managing the company’s data security issues.

Forty-six percent of small-business respondents did not have anyone directly responsible for mitigating risks, and 12 percent of respondents in 2012 reported that they did not have an employee directly responsible for managing data security.

More than half, 55 percent, of C-suite executives were in favor of and would encourage a new data privacy law in the U.S. that requires stricter compliance, the report says.

Thirty-three percent of C-suite respondents said that lost or stolen data would result in severe financial impact, and such a loss would harm their credibility as a whole.

Surprisingly, 51 percent of small-business respondents said that lost or stolen data would not seriously impact their business. Small-business owners were less concerned with data loss in 2012 than in 2011, with a 7 percent decrease.

Forty-seven percent of C-suite respondents have both locked consoles and a professional shredding service for sensitive documents. Fifty percent of small-business respondents do not have secure locked consoles and often use in-office shredding instead of a professional shredding service, the report says.

And although 67 percent of C-suite respondents and 52 percent of small-business respondents erase, wipe or degauss the content on data-storing electronics, their confidential data is still susceptible to breach, the study summary says.

The summary offers several tips and best practices for both small and large businesses to safeguard their information:

  • Analyze possible security gaps in the organization and work with security experts to assess existing security systems.
  • Implement ongoing risk analysis processes and create a policy specifically designed to limit exposure to fraud and data breaches.
  • Regularly train employees in proper document management and encourage the adoption of best practices across the board.
  • Utilize special locked consoles to house sensitive documents and materials that are waiting to be properly shredded.
  • Implement a “shred-all” policy so all unneeded documents are destroyed on a regular basis.
  • Don’t overlook hard drives on computers and photocopiers. Physical hard drive destruction is the only proven way to destroy 100 percent of the data permanently.
  • Have up-to-date and effective computer network protection, including anti-virus software and a firewall.
  • Hire a reliable vendor who is well-informed and keeps your business compliant with pertinent legislation and training requirements. 
