Lack of training leads to serious security lapses

Confidential company information is leaking out of organisations because of
a lack of staff training, according to a report.

Almost half of employees have never received any formal security awareness
training, while a third of organisations do not require staff to read security
policy statements.

The report, by PentaSafe, also reveals that a quarter of the 13,048
employees surveyed have not read their company’s security policy over the past
two years and in many cases the document was not readily available.

David Blackman, marketing director at PentaSafe, which carried out the
survey, said employers need to invest more in training staff on security
matters.

"There is a huge lack of security awareness and it comes from a lack of
education and training," he said. "Companies will train staff how to
sell, but they are selling themselves short with a lack of security training.

"HR and IT need to talk to each other. Security training should be
central to every employee induction. Policies should be communicated so
employees are aware of the procedures. There should be an online system so
staff can report breaches of security via a secure and private network."

The survey shows that seven out of 10 firms admit that they have not tracked
those staff who haven’t signed the company’s security policy.

Nine out of 10 employees would open a dangerous e-mail attachment without
realising.

Comments are closed.