A recent survey of full-time employees highlighted the gap between company IT security policy and the awareness and effectiveness of that policy in day-to-day practice.
28% of employees don’t know whether their company has a cybersecurity policy.
52% of companies said they did have an active cybersecurity policy for their staff.
Only 7% of full-time employees below management level recognise that they might be the weakest link in your company’s data security, and only 36% of all full-time employees identified cyber security as a threat to their company.
Worryingly, many staff still use very poor passwords, or no passwords at all, to secure their user accounts.
There is widespread use of shared accounts and passwords in many office environments, and less than 12% of companies have or enforce a password complexity and password confidentiality policy.
Passwords should have to meet simple complexity criteria, such as not recycling passwords, avoiding common words or sequential letters or numbers, and using a mix of cases and punctuation.
Password confidentiality should also be enforced, so that no user ever has to disclose their account password, even to management.
The use of appropriate access control will give users the ability to perform their jobs without needing to know another user’s account details.
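The complexity criteria listed above can be enforced in code when a password is set. The following is an added example, not part of the original article: the function names, the minimum length of 10, the run length of 4 for "sequential" characters and the short word list are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string

# Constructed sample list; a real deployment would load a much larger list.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "summer", "admin"}
MIN_LENGTH = 10  # assumption: the article gives no minimum length


def _digest(password, salt):
    # Salted, slow hash so the history never holds a readable password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def remember(password):
    """Return a (salt, digest) entry to keep in the user's password history."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)


def has_sequence(password, run=4):
    """True if `run` consecutive characters step up or down by one (abcd, 4321)."""
    codes = [ord(c) for c in password.lower()]
    for i in range(len(codes) - run + 1):
        steps = {codes[j + 1] - codes[j] for j in range(i, i + run - 1)}
        if steps == {1} or steps == {-1}:
            return True
    return False


def check_password(candidate, history):
    """Return the list of criteria the candidate fails; empty means accepted."""
    failures = []
    if len(candidate) < MIN_LENGTH:
        failures.append("too short")
    if any(hmac.compare_digest(_digest(candidate, s), d) for s, d in history):
        failures.append("recycled password")
    if any(word in candidate.lower() for word in COMMON_WORDS):
        failures.append("contains a common word")
    if has_sequence(candidate):
        failures.append("sequential letters or numbers")
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.punctuation)
    if not all(any(c in cls for c in candidate) for cls in classes):
        failures.append("needs upper case, lower case and punctuation")
    return failures
```

Because the history holds only salted digests, the recycling check works without anyone, including administrators, being able to read a user's previous passwords.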
Access should always be granted from the bottom up, so the minimal set of permissions is given. No user should have full access to the network so no single user account, if compromised, can take control of all your data.
Despite email being the single most successful vector of attack in all sizes of businesses, email security and email cyber-awareness are still massively overlooked.
Only 37% of companies have addressed the security of emails being sent from their business. 86% of companies do check their outgoing and incoming emails for virus threats either at the gateway or on the desktop.
76% of companies allow users to access their email from their own devices, such as smartphones or tablets, but only 44% of those enforce a remote wipe policy to delete the information if the device is lost.
61% of employees said that they have fallen victim to a fake email at work, either opening an attachment that contained malware or taking action on the content such as changing the bank details of a supplier before processing a payment.
Cybersecurity is not a departmental thing; it’s a business-wide set of procedures and policies that can help protect your company and your data. You need all members of staff to be involved, from the creation to the delivery.
It’s not a one-off task either: users should be regularly updated on cyber security issues, and your cybersecurity policy should be updated to reflect your business, your clients and suppliers, and the greater cybersecurity landscape.
We can help you create your policies and procedures to help keep your data safe.
Contact us to find out about our range of cybersecurity services.