Report: 5 insights into better information security policies

By Jonathan Hassell, on


Security is a journey, not a destination. You must constantly monitor and improve your systems. Employees should be enrolled early and often to strengthen your company’s information security practices, according to the 2016 Shred-it Security Tracker survey conducted by Ipsos.

Shockingly, the report found that 28 percent of small-business owners in the US had never trained their employees on any type of data integrity policy. As for the other 72 percent of businesses, “experts suggest that employees may forget 50 percent of training information within one hour of a presentation, 70 percent within 24 hours and an average of 90 percent within a week.”

The clear takeaway is that a couple of hours each year in a company meeting is simply not sufficient to instill good security practices into an organization. The following are some further insights and analysis from the security survey:

1. Security is as much about culture as it is about technology and process

Information security, in general, is a concept that requires enrollment on the part of the knowledge worker. Ask your employees to pledge to make the workplace more secure.

2. Training early and often is vital to implementing a culture of security

You can’t expect to simply make a presentation on security one time and see a complete workplace transformation as a result.

“Repetition and frequency are the keys to helping employees understand their roles and responsibilities around data management,” Shred-it Global Director Andrew Lenardon said in the report.

3. Visual cues and reminders are important in pointing out employees’ information security responsibilities

Whether you use signs in a breakroom, reminders on login screens or desktop backgrounds, regular short emails to drive home important policy updates or agenda items in regular meetings, putting security in front of employees is a key step.

4. Security starts at work, but good security practices should continue at home and in other remote locations

With employees increasingly working from home or otherwise accessing sensitive information in places outside your office, it’s vital that your information security policy takes these locations into account.

5. Integrate information security into your existing policies for easier and better compliance

The Shred-it report suggests adding a clean desk policy to ensure sensitive information is put away at the end of the day, as well as a “shred it all” policy that has documents destroyed by default.

Remember, in order to maintain a strong information security culture, your enterprise is going to need to develop the right culture and continue to follow up with more training and guidance.

About The Author

Jonathan Hassell

President, 82 Ventures

Jonathan Hassell runs 82 Ventures, a technical writing and consulting firm based in Charlotte, NC. He centers his focus around network administrator, security, the cloud, and mobile technologies.

Articles by Jonathan Hassell
See All Posts