miércoles, 22 septiembre 2021
Visitas totales a la web: 86826935

El portal de los profesionales de seguridad y emergencias

Nº 1 del mundo en español en seguridad global

Soluciones de seguridad global

Remote Workers Admit Lack of Security Training

Dan Raywood

A third of remote working employees have not received security training in the last six months.

According to a survey by NinjaRMM of 400 remote workers in the UK across multiple industries, while 83% have had access to security best practice training and 88% are familiar with IT security policies, 32% have received no security training in the last six months.

Also, 50% spend two or more hours a week on IT issues, and 42% felt they had to go around the security policies of their organization to do their job.

According to Lewis Huynh, CSO at NinjaRMM, as COVID-19 introduced a seismic change to how security and IT operations are conducted at most businesses, “IT teams have been stretched thin to maintain normal operations and that means things like security training may have taken a lower priority.” He claimed that this is a mistake, as remote work has introduced more threats, not less.

“Ultimately, the decision to deploy security training to staff comes down to leadership, and if there’s one thing we learned from this report it’s that leaders should be doing more to prioritize basic security hygiene,” he said.

Commenting, Tim Mackey, principal security strategist at Synopsys CyRC, said for some organizations, security training is an annual affair that aligns with other compliance training.

“The worrying statistic is the 32% who state their last training was over a year ago, or that it’s not yet happened,” he said. “It is however quite important to recognize that for many businesses the pandemic has required reassessments of spending priorities, with the potential that, for some, training programs of all forms might be viewed as luxuries.”

Regarding the statistic that 42% of respondents said they have to go around the security policies of their organization to do their job, Infosecurity asked if this shows a poor engagement with the workforce, and what could security and the business be doing better?

Huynh said: “Looking at the reasons why employees are breaking the rules can help explain some of this. The top three reasons given for why they broke the rules were that personal accounts were more convenient, the IT department was too slow to respond to their needs and the security policies were too restrictive on their productivity. So, we’re seeing friction between staff and IT that suggests a breakdown in processes is occurring.”

Javvad Malik, security awareness advocate at KnowBe4, agreed that this shows poor engagement or forming of policies, without understanding the users’ needs. “Policies should not be set in stone,” Malik said. “What was a workable policy a few years ago, may not be fit for purpose today. Security departments should regularly engage with the business units of users who are subjected to the policies in order to find out any pain points and work collaboratively with them to find efficient ways of working as opposed to being the ‘department of no.’”

Elsewhere, the report claimed remote working had caused a 39% increase in the use of cloud services, and a 35% increase in the number of devices, while 75% of those polled said their IT security policy covers unapproved software, hardware and cloud services on work devices.

Malik said while it is good to have awareness of policies, it does not mean much if people do not care about them or, as the report states, if 42% are going around the policies, it does not matter if they are aware. “So, organizations should not just make their employees aware of the security policies, but encourage feedback and understand the effectiveness of policies and tweak where necessary.”

Huynh said the statistic that 88% are familiar with IT security policies was “one positive finding from the report as it suggests that security teams have done a good job at making security policies accessible and understandable.”

He added that policies should also cover the use of unapproved software and hardware, which, from this report, we learned that not every policy does. These seemingly small actions are important as the rapid shift to remote work has introduced new risks that require frequent training and continuous improvement of the security policies in place.

Fecha de publicacióndiciembre 01, 2020

BELT.ES no se hace responsable de las opiniones de los artículos reproducidos en nuestra Revista de Prensa, ni hace necesariamente suyas las opiniones y criterios expresados. La difusión de la información reproducida se realiza sin fines comerciales. 

Listado de Expertos

Recomendado

Profesión militar: Obediencia debida frente a la obligación de disentir

Con ocasión de la realización de estudios en el Instituto Universitario Gutiérrez Mellado tuve la ocasión de leer y analizar una serie de documentos de opinión que trataban en profundidad las diferentes facetas presentes en el campo de las relaciones cívico-militares; temas que , habitualmente, no han estado presentes en los diferentes cursos y actividades formativas en la enseñanza militar, ni, por supuesto, en la civil.

El amor de Macarena Olona por la Guardia Civil empieza por su pareja, un joven oficial condecorado

El padre de su hijo llegó a la Benemérita como militar de carrera y, los que le...

El paracaidista español que humilló a los «temibles» espías soviéticos

Joaquín Madolell, natural de Melilla y militar del Ejército del Aire, desarticuló la mayor red del espionaje...

Últimas noticias

Así son los refuerzos del Ejército del Aire: del caza que vuela con drones a un gigantesco avión cisterna

El Ministerio de Defensa ha anunciado una partida presupuestaria donde recoge la adquisición de 3 aviones cisterna,...

La batalla de Cannas: la gran catástrofe de las legiones romanas a manos de mercenarios íberos y celtas

Todos los sacrificios de Aníbal dieron sus frutos el 2 de agosto del año 216 a.C. Su maniobra envolvente contra un ejército...

Rusia se prepara para la guerra

El incidente que se produjo a mediodía del miércoles en aguas internacionales del Mar Negro entre una flota occidental y fuerzas militares...

Decision making in uncertain times

The timeline for companies to react to the coronavirus has shrunk dramatically. Here are five principles that leaders can follow to make...

Data nomics

Casandra, sacerdotisa de Apolo, llegó a un pacto con el Dios de la verdad para que le fuera concedido el don de...