Employers have been urged to communicate their IT security policies more effectively after a survey revealed that ignorance and lack of understanding were major factors behind security breaches suffered by organisations.
In a poll of 2,000 office workers by software security company Clearswift, one in four felt that their company “could be better” at communicating guidelines, with 63% blaming ignorance or a lack of understanding for security breaches suffered by their organisation.
One-third of those surveyed said that they had not received any training on IT security since joining their firm. Clearswift warned this was “particularly concerning” considering that more than two-thirds (62%) of respondents joined more than five years ago – “a virtual lifetime” in technological terms.
Almost one in seven people fear that they may be breaching corporate policy, albeit inadvertently, as a result, the survey shows.
Richard Turner, chief executive at Clearswift, said: “It’s time for companies to get to grips with making a policy a living, breathing part of their business that is relevant to everyday corporate life – not just a tick in the box when it comes to an induction period.
Sign up to our weekly round-up of HR news and guidance
Receive the Personnel Today Direct e-newsletter every Wednesday
“All too often, a policy is simply a document that is referred to only when something goes wrong – almost proof that someone ‘should have known better’,” he added.
“There is little or no point in having an IT security policy in place unless staff across the business are fully aware of it and, more importantly, understand the reasons why the rules are in place. Policy, not policing, is the answer to ensure confidence is well placed to tackle the challenges that organisations face.”
