The majority of businesses still hold the end user liable if they cause a security breach, despite legislation which deems the employer responsible, according to new research by McAfee.
The study, which sought the views of more than 1000 SME businesses across Europe, shows that 55 per cent of organisations surveyed believe an employee should be held accountable for a personal email that spreads a virus on the company network. Similarly, more than two-thirds (67 per cent) of respondents view a stolen laptop as the responsibility of the employee.
The results illustrate a discrepancy between the views of employers and the outcome of many cases, where the company is often held responsible for security breaches, even if the actions of a member of staff caused the incident, the report said.
While the research found that 70 per cent of respondents believe that employers are more sensitive to risks associated with new starters than they were three years ago, only 28 per cent of businesses have guidelines for employees on the use of portable storage devices, 23 per cent for mobile laptop practice and 39 per cent for email content and language. Furthermore, just under a third (32 per cent) of businesses surveyed said that they have IT security as an aspect of employee induction.
“Although many businesses make a priority of staff induction, many are failing to effectively cover a major part of any employee’s working life, their PC and internet usage policies,” said Greg Day, security analyst at McAfee.
“Companies are failing to capture the opportunity presented by new starters to instil a sense of vigilance and security into the workforce. This oversight, coupled with a clear lack of enforcement, increases the risk of new employees either consciously or inadvertently breaching corporate security protocols.”
He added: “The key issue is to strike a balance between policing employee activity, allowing staff autonomy and maintaining an open and constructive relationship with the worker base.”
Last month, the Nationwide building society was fined almost £1 million for security breaches after a laptop was stolen from an employee’s home last year. The Financial Services Authority (FSA) found that Nationwide had failed to put in place “adequate information security procedures and controls” and, as a result, had exposed its customers to the risk of financial crime.