Anew study, titled Security Awareness Training: It’s Not Just for Compliance, reveals that less than half of employees receive any security awareness training, a somewhat surprising fact in light of the endless press coverage concerning major data breaches and the prevalence of social engineering or just plain carelessness as key elements in many attackers’ successful infiltrations.
“Security is a key aspect of business in today’s world. Announcements are made daily about new data thefts, breaches, and other related security issues, many of which originate as attacks against the workforce,” the report states. “Accordingly, the importance of the human component of security has become increasingly obvious.”
Key findings in the study, which surveyed 600 respondents from both large and small organizations in the public and prvate sectors, includes:
- 56% of corporate employees have not been required to complete any security or policy awareness training
- 45% of those who receive training only do so once per year
“Organizations that fail to train their people are doing their business, their personnel and, quite frankly, the Internet as a whole a disservice because their employees’ not only make poor security decisions at work but also at home on their personal computing devices as well,” said EMA’s David Monahan.
The study also found that these same employees are regularly engaged in activities that require at least a basic level of security awareness to avoid the risk of compromising sensitive data, including:
- 59% store work-related information in the Cloud
- 58% keep sensitive information on their mobile devices
- 35% have clicked on links found in email received from an unknown sender
- 33% reuse personal passwords for their work devices
- 30% leave their mobile devices unattended in their vehicles
“People repeatedly have been shown as the weak link in the security program. Without training, people will click on links in email and release sensitive information in any number of ways. In most cases they don’t realize what they are doing is wrong until a third-party makes them aware of it,” said Monahan.
Read More Here…