Employers need to educate employees on security policy

NEED : Employers need to educate employees on security policy

SC Staff

November 26, 2008

http://www.scmagazineuk.com/Employers-need-to-educate-employees-on-security-policy/article/121576/

Human error is the main security issue for IT directors.

According to research by Clavister, 86 per cent of IT directors believed that the most likely cause of an IT security issue came from their own employees.

The main reasons for this according to IT directors, were down to staff ignoring security policies and not being made aware of, or not being sufficiently trained on them, as well as making mistakes or committing industrial espionage.

Andreas Åsander, VP product management at Clavister, said: “The purpose of a security policy is rather simple - to keep malicious users out of a network while monitoring potential risky users within an organisation.

“To ensure compliance, however, is no simple task. Security policy documents tend to be very long and technical, and not written in a way which has meaning or importance for the average employee.

“For security rules to be adopted, users need to understand why they are important, and what the rules mean to them personally and professionally.”

Ed Gibson, chief security advisor at Microsoft UK, said: "An evaluation of data losses reveals a common theme - an unsecured device accidentally left somewhere. Training can help ensure our colleagues have the whereabouts of their devices at the forefront of their minds, and that proper encryption processes have been put in place."