56% of employees still receive no security awareness training
Posted on 09 April 2014.
A new research survey by EMA takes you inside today’s organizations to reveal how employee decisions related to information security can significantly increase organizational risk. The report examines the implementation of security awareness training in government, public and private companies and non-profit groups.

According to employee responses in the survey report:
  • 30% leave mobile devices unattended in their vehicle
  • 33% use the same password for both work and personal devices
  • 35% have clicked on a link in an email from an unknown sender
  • 58% have sensitive information on their mobile devices
  • 59% store work information in the cloud.
Some of the reported behaviors present inherent risks, while others depend on contributory factors like the failure to use device or data encryption.

Fifty-six percent of corporate employees, excluding security and information technology staff, have not had security or policy awareness training from their organization, while 45% of employees received training in one annual session. Without the foundation of on-going security awareness training, employees don’t receive the critical security information they need to make secure choices.

EMA Research Director David Monahan said: “People repeatedly have been shown as the weak link in the security program. Without training, people will click on links in email and release sensitive information in any number of ways. In most cases they don't realize what they are doing is wrong until a third party makes them aware of it.”

“In reality, organizations that fail to train their people are doing their business, their personnel and, quite frankly, the Internet as a whole a disservice because their employees not only make poor security decisions at work but also at home on their personal computing devices as well,” Monahan added.

Sixty-six percent of employees responding to the survey said it is important that training materials are easy to understand, and 59% said that interactive activities are important.

“While today’s organizations continue to harden their infrastructure to protect against the latest cyber threats, this report reveals that they too often fail to arm their employees with the critical information needed to avoid a data breach, prevent phishing, or report a possible security incident,” said Craig Kunitani, COO with Security Mentor. “Every organization should make security awareness training part of its defense in depth strategy. Many of our customers report they’ve had great success in educating their staff using our security awareness training program because of our brief, interactive, and informative lessons.”




