A lack of IT security awareness remains a worrying reality for businesses around the world, according to a recent study of consumers conducted by Kaspersky Lab and B2B International. The research found that just one tenth (12%) of employed respondents are fully aware of the IT security policies and rules set in the organizations they work for. This, combined with the fact that half (49%) of employees consider protection from cyberthreats a shared responsibility, presents additional challenges when it comes to setting the right cybersecurity framework.
The study of 7,993 full-time employees which asked about policies and responsibilities for corporate IT security also revealed that 24% of employees believe there are no established policies in their organizations at all. Interestingly, it seems that ignorance of the rules is no excuse, as around half (49%) of the respondents think all employees, including themselves, should take responsibility for protecting corporate IT assets from cyberthreats.
However, as another study from Kaspersky Lab proved, sometimes staff do exactly the opposite. According to the report “Human Factor in IT Security: How Employees are Making Businesses Vulnerable from Within”, careless personnel contributed to the attack in 46% of cybersecurity incidents within the last year.
This discrepancy could be particularly dangerous for smaller businesses, where there is no dedicated IT security function and responsibilities are distributed among IT and non-IT personnel. Neglecting even basic requirements, such as changing passwords or installing necessary updates, could jeopardize overall business protection. According to Kaspersky Lab experts, top management, HR and finance specialists who have access to their company’s critical data are usually most at risk of being targeted.
To deal with this problem, small and medium-sized businesses would benefit from regular IT security awareness training for staff and from products tailored to their specific needs. For example, Kaspersky Endpoint Security Cloud includes features such as preconfigured security settings, immediate protection across all devices and easy management capabilities that do not require in-depth expertise from its administrator, thereby reducing the burden on overstretched IT teams.
“The issue of unaware staff can be a major challenge to overcome, especially for smaller businesses where a cybersecurity culture is still being developed. Not only can employees themselves fall victims of cyberthreats, but they are also obliged to guard their company from those threats in the first place. In this regard, businesses should pay attention to educating staff and introducing easy to use and manage, but still powerful solutions that make this achievable for those who are not experts in IT security,” said Vladimir Zapolyansky, Head of SMB Business at Kaspersky Lab.