Businesses are giving users greater freedom with corporate IT systems, according to a recent report, but many of those users lack the necessary security training.
The study, conducted by a consortium, led by PricewaterhouseCoopers, found that firms are placing greater trust in their staff. Seven out of eight firms now have information security policies in place according to newly released findings from the annual Information Security Breaches Survey (ISBS). Those policies are loosening controls over users.
Almost 55% said they allow staff to remotely access systems – a rise of 19% from last year’s study – while the number of businesses restricting internet access to some staff only has nearly halved from 42% to 24%.
Training staff in security basics is an essential part of any information security strategy, argued Martin Smith, chief executive of The Security Company. “The industry is dominated by technology and technologists … but I’ve never seen a computer commit a crime; it’s always people,” he argued.
Smith added that long term behavioural change programmes are the best way to mitigate risk in this area, but most firms are unable to find budget to support such initiatives because “they’re hard work and fairly intense”.
Subscribers 0
Fans 0
Followers 0
Followers