Clearly the employees in the scenario above need to be reminded of the basics of policies. Explain to them the differences between a policy, a standard, and a practice, and how the three work together.

Transcribed Image Text:

Having policies in place can mitigate the risk of physical security breaches C-suites and SBOS (Small Business Owners) indicated external threats from vendors or contractors |(25% C-suites; 18% SBOS) and physical loss or theft of sensitive information (22% C-suites, 19% SBOS) are the top information security threats facing their business. Yet, the number of organizations with a known and understood policy for storing and disposing of confidential paper documents adhered to by all employees has declined 13% for C-suites (73% in 2019 to 60% in 2020) and 11% for SBOS (57% in 2019 to 46% in 2020). In addition, 49% of SBOS have no policy in place for disposing of confidential information on end-of-life electronic devices. While the work-from-home trend has risen over the years, the COVID-19 pandemic abruptly launched employees into work-from-home status, many without supporting policies. 77% of C-suites and 53% of SBOS had employees who regularly or periodically work off-site. Despite this trend, 53% of C-suites and 41% of SBOS have remote work policies in place that are strictly adhered to by employees working remotely (down 18% from 71% in 2019 for C-suites; down 8% from 49% in 2019 for SBOS). "As we adjust to our new normal in the workplace, or at home, it's crucial that policies are adapted to align with these changes and protect sensitive information," said Cindy Miller, president and CEO, Stericycle. "As information security threats grow, it's more important than ever that we help businesses and communities protect valuable documents and data from the risks of an information breach." Source: (Online] https://www.helpnetsecurity.com/2020/10/29/businesses-struggle-with-data-security-practices [Accessed on: 15 September 2021).