Security education and training should be done as soon as possible to instruct new staff on policy

Security education and policy training for new employees should take place in the first few weeks after they start.

Denis McCauley, director, global technology research at the Economist Intelligence Unit, claimed that the emphasis should be on teaching new employees in the first few weeks.

Jon Collins, managing director of Freeform Dynamics, claimed that many new users will not see security as those in this sector do, and may resort to simple time- and memory-saving shortcuts such as writing their password on a Post-it note.

Collins said: “A PIN password on a phone should be a must for everyone, but you only do it when you are told. This is the principle of 20 per cent of what is done that causes 80 per cent of the risk.”

Rik Ferguson, senior security advisor at Trend Micro, claimed that there was a need to see the point of training from both sides in order to make the process simple but effective. He said: “We need to be more aware of the position of training as the trainer and make employees aware that training is intended to protect themselves from a wider legal, HR or disciplinary fine. It is for their benefit and ours.”

Commenting, Professor Fred Piper of the information security group at Royal Holloway University of London agreed. He said: “People should be told about the security policy as soon as they arrive. They should know what is right but it does not need to be heavy.

“The policy should be explained about not sharing passwords or downloading material, and we need managed personal devices as that is very important, they need to make it plain. Security is like health and safety, it should just be there.”
