Most IT decision-makers believe their employees are deliberately circumventing internal security policies, thus putting the entire organisation at risk of cyberattacks.
This is according to a new report by Databarracks, which claims that employee training is still the best and most important way to protect a company against potential attack.
“People are often the weakest link in the information security chain and to prevent your organisation being caught, it’s important you make employees aware of the risks,” commented Peter Groucutt, managing director of Databarracks.
“Our research has revealed two-thirds (67 per cent) of IT decision-makers believe their employees regularly circumvent company security policies.”
Groucutt believes employees are mostly oblivious to the dangers. He thinks they’re not deliberately trying to put their business in harm’s way – they either don’t know the possible consequences, or feel too restricted to begin with.
Organisations should develop a culture of shared responsibility, Groucutt continues, adding that communication between the IT department and the rest of the business also needs improvement.
“Finally, regular training and education is vital,” he concludes.
“Awareness training is typically only carried out annually or as part of an initial induction, but this should be increased. Employees need ongoing security refreshers throughout the year, at least twice annually, to address any new threats, and ensure security remains front of mind.”
Phishing is considered one of the most popular ways of compromising a computer network, and it all starts with a gullible employee clicking a link in an email or downloading a malicious attachment without consideration.