Over two thirds of UK employees are unaware of IT security threats that could affect them, a survey by security firm Kaspersky Lab has revealed.
The survey findings highlight the importance of ensuring employees are properly educated when it comes to security, said David Emm, senior security researcher at Kaspersky Lab.
Despite the sophistication of today’s malware, cyber criminals often seek to exploit human weaknesses to spread their code. This is why it is concerning to see the low level of awareness regarding potential IT security threats, Emm said.
People are susceptible for a variety of reasons, says Emm. Sometimes they simply do not realise the danger; sometimes they are taken in by the lure of something for nothing; and sometimes they cut corners, such as using the same password for all online accounts, he said.
According to Emm, businesses often ignore the human dimension of security, and even if the need for staff awareness is acknowledged, the methods used do not achieve positive results.
“We ignore the human factor in corporate security at our peril, since it is all too clear that technology alone cannot guarantee security,” he said.
Security awareness initiatives should bear in mind that employees are not security experts and should marshal the resources of communications experts such as HR and marketing, not just security, says Emm.
“It is equally important to develop imaginative approaches that go beyond simply creating a list of dos and don'ts and asking staff to sign a policy document when they join the company,” he said.
Kaspersky recommends that IT managers follow these three steps:
- Put in place clear rules for using IT;
- Regularly inform employees of new IT threats; and
- Hold regular training workshops to teach small groups of employees how to use IT securely.