67% of UK Employees Flout Internal IT Security Rules



Businesses are leaving themselves unnecessarily exposed to significant security risks, a cloud and IT business continuity services company claims. According to Databarracks’ data health check, over two-thirds of IT decision-makers believe their employees regularly flout internal IT security policies.

Peter Groucutt, managing director of Databarracks, says security awareness training is still a critical form of defence against cyber-attacks. “People are often the weakest link in the information security chain and to prevent your organisation being caught, it’s important you make employees aware of the risks. Our research has revealed two-thirds (67 per cent) of IT decision-makers believe their employees regularly circumvent company security policies.”

Groucutt adds: “Employees flouting security policies are never deliberately threatening the business – either they don’t know the possible consequences of their actions or feel too restricted by the policies in place. In any case, this neglect for security leaves an organisation exposed to threats.

“To reduce the danger, there are practical steps an organisation can take. Firstly, to develop a culture of shared responsibility, where the cyber security burden doesn’t just rest with the IT department. We understand this in the physical working environment – an unknown person would not be allowed to walk in to an office, and start taking belongings unchallenged – so why should digital security be any different?

“Secondly, lines of communication between the IT department and the rest of the business need to improve. For users to feel like they are part of the solution, they need to be aware of the ongoing battle IT face. Often, IT teams handle incidents in the background with only key senior individuals being informed, but if threats aren’t communicated internally to all employees, they won’t know how to change their behaviour in future. The IT department has a responsibility to educate the entire business on why an incident took place, what the implications were and, most importantly, what can be done to prevent this from happening again.

“When security processes hinder an employee’s performance, they will often find a way to get around them to get a job done quicker. To avoid staff taking the easy route, security must be built into an organisation’s overall strategy and communicated down through employees’ objectives. Equally, IT need to be receptive when policies are flagged for being too restrictive. That creates the dialogue and an understanding of a shared goal for IT and users.

“Finally, regular training and education is vital. Awareness training is typically only carried out annually or as part of an initial induction, but this should be increased. Employees need ongoing security refreshers throughout the year, at least twice annually, to address any new threats, and ensure security remains front of mind.”

The report covers causes of data loss for businesses and what companies fear in the event of an IT disaster. You can find it here: https://www.databarracks.com/resources/data-health-check-2019


Don’t get hacked by social media phishing attacks!

Many of your users are active on Facebook, LinkedIn, and Twitter. Cybercriminals use these platforms to scrape profile information of your users and organization to create targeted spear phishing campaigns in an attempt to hijack accounts, damage your organization's reputation, or gain access to your network.

KnowBe4’s Social Media Phishing Test is a complimentary IT security tool that helps you identify which users in your organization are vulnerable to these types of phishing attacks that could put your users and organization at risk.

Here's how the Social Media Phishing Test works:

  • Immediately start your test with your choice of three social media phishing templates
  • Choose the corresponding landing page your users see after they click
  • Show users which red flags they missed or send them to a fake login page
  • Get a PDF emailed to you in 24 hours with your percentage of clicks and data entered

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/social-media-phishing-test


