McAfee worried that SME security training lacks impact

McAfee is worried that SMEs that have trained staff around security matters are still not seeing an improvement in attitudes towards threats

The biggest security threat for SMEs continues to come from their own employees with internal problems still occurring even though there have been more efforts to improve user education.

McAfee surveyed small firms and found that despite 68% making a concerted effort to educate staff about security risks just shy of 25% continued to be worried about the prospect of breaches.

The vast majority of UK SMEs, 80%, agreed that digital data was the main business asset and half handled client contact data and almost a third of staff believe their colleagues are the most likely threat to that data.

But only 11% have experienced security incidents as a results of colleagues and 5% even put their own hands up and admitted they had been the cause of problems.

The main concern for McAfee was the lack of impact that training appeared to have on preventing breaches raising questions about the way that cyber threats were being discussed at work.

“The study reveals a disconnect between SMEs’ efforts to make security part of their employees’ mindset and employees recognising it as part of their responsibility,” said Raj Samani, CTO, McAfee EMEA.

“For employees to say cyber security is not their concern is not acceptable. Cyber security is a shared responsibility: Owners, managers, IT professionals, employees and security providers alike must work together to stop cybercrime. More than a third of global targeted attacks are now aimed against small businesses, so SMEs clearly need to do more to educate employees to make them understand the responsibility carried by each individual."

“Employees play critical roles in protecting customer records, intellectual property and critical business data”, added Samani. “Investments in hardware or software are in vain if employees don’t follow the rules. If there are any rules or guidelines, that is to say.”

Read more on Data Protection Services