maxkabakov - Fotolia
More than four in 10 UK workers regularly use passwords to secure home documents, but only one in three do so at work, a survey has revealed.
In a further sign of disparity in employee attitudes to work and personal data, 68% of workers said they shredded unwanted personal documents, while just 40% do so at work, according to a poll of 2,000 full-time workers in the UK commissioned by secure access firm Citrix.
The survey’s findings suggest that employees expect an IT safety net to protect them at work, while they are more willing to take responsibility for their own security at home.
“This gap highlights that more needs to be done to both educate employees about their security obligations, as well as informing IT strategies about the behaviour they should be prepared for,” said Chris Mayers, chief security architect at Citrix.
“Employers have a responsibility to provide the tools and safeguards: employees need to use them. Protecting a company’s digital assets is a two-way street.”
The survey also revealed a disparity between younger and older workers in their attitudes towards data security, with 59% of over-55s saying they only use work devices with trusted company security software, compared with just 47% of 25 to 34-year-olds.
“This more relaxed approach to device security from the younger generation has the potential to cause significant disruption if devices with access to the company network become compromised,” said Mayers.
“Alongside investment in technology, companies need to educate employees across age groups about their security and compliance obligations to ensure they don’t become part of yet another high-profile data breach.”
Read more about security awareness
- The PCI security council has published a guide to help organisations better educate employees on information security.
- Cyber security awareness is still in its infancy in most organisations despite the quick returns it can deliver, says the Sans Institute.
- A continual security awareness training programme is important for an enterprise’s culture.
- Security awareness training can be effective, but how should enterprises select the right third-party programme?
A study published by Axelos in March 2016 found that UK organisations are putting their reputation, customer trust and competitive advantage at greater risk by failing to give their staff effective security training.
The research report said this finding is a cause for concern, especially as 75% of large organisations and nearly one-third of small organisations suffered staff-related security breaches in 2015, with 50% of the worst breaches caused by human error, according to the UK government’s 2015 information security breaches survey.
Nick Wilding, head of cyber resilience best practice at Axelos, said: “Despite organisations continuing to invest heavily in technology to better protect their precious information and systems, the number and scale of attacks continues to rise as they discover there is no silver bullet to help achieve their desired level of cyber security.
“They often underestimate the role their employees – from the boardroom to the frontline – can play. Staff should be the most effective at security control, but are typically one of the greatest vulnerabilities.”