The importance of IT security awareness is widely acknowledged by security professionals, but not many organisations are doing it effectively, it emerged at a security forum at London law firm Field Fisher Waterhouse.
The problem appears to be three-fold. First, not all UK organisations have IT security awareness training programmes in place. Second, even if organisations have training programmes in place, employees do not pay them much attention. Third, many of the programmes are out of date.
Social networking and the use of consumer computing devices represent a growing source of security risk to many businesses in the UK, yet relatively few IT security awareness programmes even include these issues, says James Lyne, director of technology strategy at security firm Sophos.
Standards, laws and regulations around privacy and security typically lag behind real-world situations, but businesses have it within their own power to ensure their IT awareness programmes do not.
Why would any business neglect the opportunity to make employees aware of the risk of using social networks and consumer computing devices, and so ensure responsible behaviour and practices involving corporate data?