Lack of training leads to serious security lapses

Confidential
company information is leaking out of organisations because of a lack of staff
training, according to a report.

Almost
half of employees have never received any formal security awareness training,
while a third of organisations do not require staff to read security policy
statements.

The
report, by PentaSafe, also reveals that a quarter of the 13,048 employees
surveyed have not read their company’s security policy over the past two years
and in many cases the document was not readily available.

David
Blackman, marketing director at PentaSafe, which carried out the survey, said
employers need to invest more in training staff on security matters.

"There
is a huge lack of security awareness and it comes from a lack of education and
training," he said. "Companies will train staff how to sell, but they
are selling themselves short with a lack of security training.

"HR
and IT need to talk to each other. Security training should be central to every
employee induction. Policies should be communicated so employees are aware of
the procedures. There should be an online system so staff can report breaches
of security via a secure and private network."

The
survey shows that seven out of 10 firms admit that they have not tracked those
staff who haven’t signed the company’s security policy.

Nine
out of 10 employees would open a dangerous e-mail attachment without realising.

Comments are closed.