sábado, 27 febrero 2021
Visitas totales a la web: 86374779

El portal de los profesionales de seguridad y emergencias

Nº 1 del mundo en español en seguridad global

Soluciones de seguridad global

Remote Workers Admit Lack of Security Training

Dan Raywood

A third of remote working employees have not received security training in the last six months.

According to a survey by NinjaRMM of 400 remote workers in the UK across multiple industries, while 83% have had access to security best practice training and 88% are familiar with IT security policies, 32% have received no security training in the last six months.

Also, 50% spend two or more hours a week on IT issues, and 42% felt they had to go around the security policies of their organization to do their job.

According to Lewis Huynh, CSO at NinjaRMM, as COVID-19 introduced a seismic change to how security and IT operations are conducted at most businesses, “IT teams have been stretched thin to maintain normal operations and that means things like security training may have taken a lower priority.” He claimed that this is a mistake, as remote work has introduced more threats, not less.

“Ultimately, the decision to deploy security training to staff comes down to leadership, and if there’s one thing we learned from this report it’s that leaders should be doing more to prioritize basic security hygiene,” he said.

Commenting, Tim Mackey, principal security strategist at Synopsys CyRC, said for some organizations, security training is an annual affair that aligns with other compliance training.

“The worrying statistic is the 32% who state their last training was over a year ago, or that it’s not yet happened,” he said. “It is however quite important to recognize that for many businesses the pandemic has required reassessments of spending priorities, with the potential that, for some, training programs of all forms might be viewed as luxuries.”

Regarding the statistic that 42% of respondents said they have to go around the security policies of their organization to do their job, Infosecurity asked if this shows a poor engagement with the workforce, and what could security and the business be doing better?

Huynh said: “Looking at the reasons why employees are breaking the rules can help explain some of this. The top three reasons given for why they broke the rules were that personal accounts were more convenient, the IT department was too slow to respond to their needs and the security policies were too restrictive on their productivity. So, we’re seeing friction between staff and IT that suggests a breakdown in processes is occurring.”

Javvad Malik, security awareness advocate at KnowBe4, agreed that this shows poor engagement or forming of policies, without understanding the users’ needs. “Policies should not be set in stone,” Malik said. “What was a workable policy a few years ago, may not be fit for purpose today. Security departments should regularly engage with the business units of users who are subjected to the policies in order to find out any pain points and work collaboratively with them to find efficient ways of working as opposed to being the ‘department of no.’”

Elsewhere, the report claimed remote working had caused a 39% increase in the use of cloud services, and a 35% increase in the number of devices, while 75% of those polled said their IT security policy covers unapproved software, hardware and cloud services on work devices.

Malik said while it is good to have awareness of policies, it does not mean much if people do not care about them or, as the report states, if 42% are going around the policies, it does not matter if they are aware. “So, organizations should not just make their employees aware of the security policies, but encourage feedback and understand the effectiveness of policies and tweak where necessary.”

Huynh said the statistic that 88% are familiar with IT security policies was “one positive finding from the report as it suggests that security teams have done a good job at making security policies accessible and understandable.”

He added that policies should also cover the use of unapproved software and hardware, which, from this report, we learned that not every policy does. These seemingly small actions are important as the rapid shift to remote work has introduced new risks that require frequent training and continuous improvement of the security policies in place.

Fecha de publicacióndiciembre 01, 2020

BELT.ES no se hace responsable de las opiniones de los artículos reproducidos en nuestra Revista de Prensa, ni hace necesariamente suyas las opiniones y criterios expresados. La difusión de la información reproducida se realiza sin fines comerciales. 

Listado de Expertos

Recomendado

Profesión militar: Obediencia debida frente a la obligación de disentir

Con ocasión de la realización de estudios en el Instituto Universitario Gutiérrez Mellado tuve la ocasión de leer y analizar una serie de documentos de opinión que trataban en profundidad las diferentes facetas presentes en el campo de las relaciones cívico-militares; temas que , habitualmente, no han estado presentes en los diferentes cursos y actividades formativas en la enseñanza militar, ni, por supuesto, en la civil.

El paracaidista español que humilló a los «temibles» espías soviéticos

Joaquín Madolell, natural de Melilla y militar del Ejército del Aire, desarticuló la mayor red del espionaje...

El amor de Macarena Olona por la Guardia Civil empieza por su pareja, un joven oficial condecorado

El padre de su hijo llegó a la Benemérita como militar de carrera y, los que le...

Últimas noticias

La mortífera táctica sorpresa de los Tercios españoles para acabar con sus enemigos

La encamisada, una operación especial de alto riesgo, consistía en infiltrarse en el cuartel enemigo por la...

‘Mi mochila de emergencias’ (consejos de supervivencia para madrileños)

Si no estuviéramos en 2021, este kit apocalíptico sonaría a broma. Pero no están las cosas últimamente por la capital para pasar...

Drones y bombas que ‘hablan’: la IA es la gran revolución militar, y nadie está al mando

El camino por recorrer con estas tecnologías es largo, pero se avanza a velocidad de vértigo. Hay proyectos en varios puntos del...

Estrategia Nacional Contra el Terrorismo. 2019

Resumen Ejecutivo Este documento nace de la voluntad de constituirse en el marco político estratégico en la lucha contra...

Remote Workers Admit Lack of Security Training

A third of remote working employees have not received security training in the last six months. According to a...