Employees should be the first line of defence against damaging security incidents, rather than thinking that security is someone else's problem.
A report by PricewaterhouseCoopers (PwC) has suggested that the response of organisations to improving protection and reducing risks has historically been strongly biased towards further investment in technology. However, only 48 per cent of organisations questioned in the UK have an employee security awareness programme, as efforts to improve security often create cumbersome processes that get in the way of people doing their jobs.
It claimed that a solution to autonomous security functions is to invest in people and make them the first line of defence against security incidents, rather than the cause of them.
Craig Lunnon, of OneSecurity at PwC, said: “Technical solutions are too frequently being prescribed for people problems. Although technical defence is vital, systems are inherently vulnerable to both negligent and malicious acts by people. Ignorance, confusion, anger or even curiosity can all give rise to incidents.
“The goal is that all those working for an organisation are alert to risks, will want to act to protect information and will be actively supported in doing so. As the first line of defence, security-aware employees are often best placed to identify a potential breach or weak link. Equally, they can prevent and reduce the impacts of incidents when they do occur.”
Research by Symantec has found that small to medium-sized businesses (SMBs) now consider the protection of information to be their highest priority, with 67 per cent of businesses considering data loss to be an important risk to their organisation and 60 per cent saying the same for cyber attacks.
Symantec's director of small business UK and Ireland, Ross Walker, claimed it was encouraging to see these issues taken more seriously, but that there was more work to be done when it comes to protecting information on mobile devices.
He said: “The statistics regarding devices being taken ‘on the road’ are particularly concerning given 70 per cent of businesses surveyed in EMEA don't protect their mobile devices. These organisations, and the 30 per cent of firms who don't password protect their laptops, are running the very real risk of harming their businesses and reputations through losing confidential data by accident.”
The warning about protecting mobile devices has been reinforced further by the declaration that the Apple iPhone is not to be used for sensitive official communications.
Simon Ford, sales director Europe at NCP Engineering, said: “Up until now companies would say ‘don't allow it’, but as devices become more prevalent they need to be protected. Then a big boss or director will get one so they have got to be protected, and it moves from the top down.”