Site Logo

Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Skip to main content
Melissa Fray
September 12, 2022

The rapid shift toward remote work environments fueled by the COVID-19 pandemic has left many small businesses struggling to protect sensitive data, according to a recent report by information security provider Shred-It. The company’s Data Protection Report 2022 spoke with several small business leaders (SBLs) regarding data security practices across all industries, including healthcare. The report classifies small business as having between 15-100 employees.

The average cost of a data breach in 2021 rose 26.8-percent in comparison to 2020, as malware, phishing, and ransomware attacks became more prevalent throughout the switch to remote and hybrid work.

“Even though the vast majority of SBLs (91%) believe that physical and digital data protection are equally important, many of them (53%) assert that digital risks are the greatest data protection risk to their business today,” the report states. “Only 27-percent of SBLs say they collect and destroy sensitive materials when no longer needed.”

Shred-It provided insight into common data security practices, and the percentage of surveyed SBL’s that use them:

Physical Data

Collect and destroy sensitive materials when no longer needed (27%)

Digital Data

Deploy antivirus programs (40%)

Provide frequent software updates (28%)

Implement two-factor authentication (25%)

Deploy automated security defenses to detect, investigate, and remediate data security threats (24%)

Both Digital and Physical Data

Limit sharing of data with third parties (28%)

Provide data and information protection training for employees (27%)

Conduct vulnerability assessments (23%)

Implement and enforce record retention and destruction policies (23%)

Establish incident response plans (20%)

Prevention and Response

67-percent of participating SBLs fear their employees don’t know best practices to prevent a breach, while 66-percent feel employees don’t know what actions to take in reaction to a breach.

The data shows response and prevention are major areas of concern for SBLs who participated in the study. The lack of preparedness among employees increases the risk of successful attack, whether due to outsiders or internal mistakes. Further data shows that, according to SBLs, 55-percent of data breaches came from outside attackers, while 45-percent were due to internal mistakes. Attacks due to internal attackers (31%) and partner/supplier attacks (16%) were also mentioned.

One way to reduce the risk of errors or attacks is consistent training, however, SBLs fear the language and content is too complicated to properly express the information in an understandable way. 8 in 10 SBLs wished there were a simpler option for data security awareness training, while 50-percent lack a reliable source to consistently maintain data and information protection policies and trainings.


2 out of 3 participating SBLs have spent more money on data security in 2022 than ever before. With an ever-growing risk of cyberattacks, particularly in the healthcare industry, ASC and private practice leaders should be on constant alert for new threat vectors and updated training programs for employees. A breach of personal patient data can result in lost time and profits and place your business at risk for further harm.

To learn more about data security and information technology check out these related articles:

Protecting your network from cybercrime

Enhancing information infrastructure