Recent research from Cisco has found that UK businesses are still overlooking the biggest threat to their information security: their own staff.
The Cisco survey of more than 1,000 UK employees aimed to uncover attitudes towards information security and the IT department’s role. It found that ignorance of corporate security was shockingly widespread and that complacency about information security threats was rife.
A lack of staff awareness is a major problem: only 61% of respondents thought their company had a security policy, but 48% claimed they weren’t concerned about it as it didn’t affect them. 37% said they only became aware of a corporate security policy when their security settings stopped them doing something.
Only 58% of respondents to the survey were aware of security threats and the risk they pose to corporate information, and an alarming 39% said they thought it was the company’s responsibility to protect data, not theirs. More alarming still, 62% said they thought their behaviour only had a low to moderate impact on security.
All of the respondents said they used their company network for personal reasons: 79% performed personal banking and 75% shopped online while at work.
This disregard for data security seems to be isolated to the workplace, however: twice as many said they were more careful about data security at home (24%) than they were at work (12%).
Staff awareness training
Staff awareness is an essential component of an effective information security posture. Not only do you need to have the technology and processes to respond to information security threats, you need to ensure your staff are properly trained to implement them.
All staff can be made aware of their security obligations with our staff awareness courses:
IT Governance’s Information Security Staff Awareness E-learning Course aims to familiarise non-technical staff with information security policies and procedures, thereby reducing the organisation’s susceptibility to attack.
Our Information Security & ISO 27001 Staff Awareness E-learning Course enables employees to gain a better understanding of information security risks and compliance requirements in line with ISO 27001, the international information security standard.
If you’re concerned about your organisation’s susceptibility to staff security threats, you need to ensure that everyone in the organisation behaves responsibly. Click here to find out more about information security staff awareness e-learning or call us on 0845 070 1750 to arrange a free demonstration.