Despite an increased focus on cybersecurity awareness in the workplace, employees’ poor cybersecurity habits are getting worse, compounded by the speed and complexity of digital transformation, according to a recent survey of 1,600 global employees carried out by Vanson Bourne.
A worrying finding highlighted by the survey was that 75% of respondents admitted to reusing passwords across accounts, including work and personal.
Organizations are at varying stages of digital transformation, and that evolution has presented an increasingly complex IT environment to manage securely. Yet the survey findings point to a workforce that is less committed to security best practices. This has not only introduced more risk, but also a sense of frustration between the IT team trying to secure and enable the business and users who want to work more efficiently.
Over half (55%) of survey respondents stated their IT department can be a source of inconvenience in their organization. This leads to employees skirting IT policies, such as the 31% who admitted that they have deployed software without IT’s help (i.e. ‘shadow IT’).
Efforts to get around IT may not necessarily be done with malicious intent, but the reality is they directly increase IT risk for the organization. For example, 13% of employees admitted they would not immediately notify their IT department if they thought they had been hacked.
Further compounding this issue is a workforce that tends not to understand the role of all employees in keeping an organization secure, as 49% of respondents would actually blame the IT department for a cyberattack if one occurred as a result of an employee being hacked.
With the introduction of GDPR earlier this year, it is vital that businesses do not remain complacent. Ignorance is no excuse, and there are serious consequences should a security incident occur.
To address the increased risk to your business, staff, who remain the front line of your security defence, require appropriate training to understand how their actions or omissions can have a serious impact on cyber security.
We have developed a range of courses that help staff to understand the basic principles of cyber hygiene, such as the use of secure passwords, how to adhere to IT security policies and using Wi-Fi when remote, right through to how they can be targeted and manipulated by a hacker in their own personal life in an attempt to breach security defences.
"Organisations should train their staff to be aware of phishing, vishing & impersonation."
ICO Staff training Guidance for GDPR