sábado, 8 mayo 2021
Visitas totales a la web: 86501530

El portal de los profesionales de seguridad y emergencias

Nº 1 del mundo en español en seguridad global

Soluciones de seguridad global

Remote Workers Admit Lack of Security Training

Dan Raywood

A third of remote working employees have not received security training in the last six months.

According to a survey by NinjaRMM of 400 remote workers in the UK across multiple industries, while 83% have had access to security best practice training and 88% are familiar with IT security policies, 32% have received no security training in the last six months.

Also, 50% spend two or more hours a week on IT issues, and 42% felt they had to go around the security policies of their organization to do their job.

According to Lewis Huynh, CSO at NinjaRMM, as COVID-19 introduced a seismic change to how security and IT operations are conducted at most businesses, “IT teams have been stretched thin to maintain normal operations and that means things like security training may have taken a lower priority.” He claimed that this is a mistake, as remote work has introduced more threats, not less.

“Ultimately, the decision to deploy security training to staff comes down to leadership, and if there’s one thing we learned from this report it’s that leaders should be doing more to prioritize basic security hygiene,” he said.

Commenting, Tim Mackey, principal security strategist at Synopsys CyRC, said for some organizations, security training is an annual affair that aligns with other compliance training.

“The worrying statistic is the 32% who state their last training was over a year ago, or that it’s not yet happened,” he said. “It is however quite important to recognize that for many businesses the pandemic has required reassessments of spending priorities, with the potential that, for some, training programs of all forms might be viewed as luxuries.”

Regarding the statistic that 42% of respondents said they have to go around the security policies of their organization to do their job, Infosecurity asked if this shows a poor engagement with the workforce, and what could security and the business be doing better?

Huynh said: “Looking at the reasons why employees are breaking the rules can help explain some of this. The top three reasons given for why they broke the rules were that personal accounts were more convenient, the IT department was too slow to respond to their needs and the security policies were too restrictive on their productivity. So, we’re seeing friction between staff and IT that suggests a breakdown in processes is occurring.”

Javvad Malik, security awareness advocate at KnowBe4, agreed that this shows poor engagement or forming of policies, without understanding the users’ needs. “Policies should not be set in stone,” Malik said. “What was a workable policy a few years ago, may not be fit for purpose today. Security departments should regularly engage with the business units of users who are subjected to the policies in order to find out any pain points and work collaboratively with them to find efficient ways of working as opposed to being the ‘department of no.’”

Elsewhere, the report claimed remote working had caused a 39% increase in the use of cloud services, and a 35% increase in the number of devices, while 75% of those polled said their IT security policy covers unapproved software, hardware and cloud services on work devices.

Malik said while it is good to have awareness of policies, it does not mean much if people do not care about them or, as the report states, if 42% are going around the policies, it does not matter if they are aware. “So, organizations should not just make their employees aware of the security policies, but encourage feedback and understand the effectiveness of policies and tweak where necessary.”

Huynh said the statistic that 88% are familiar with IT security policies was “one positive finding from the report as it suggests that security teams have done a good job at making security policies accessible and understandable.”

He added that policies should also cover the use of unapproved software and hardware, which, from this report, we learned that not every policy does. These seemingly small actions are important as the rapid shift to remote work has introduced new risks that require frequent training and continuous improvement of the security policies in place.

Fecha de publicacióndiciembre 01, 2020

BELT.ES no se hace responsable de las opiniones de los artículos reproducidos en nuestra Revista de Prensa, ni hace necesariamente suyas las opiniones y criterios expresados. La difusión de la información reproducida se realiza sin fines comerciales. 

Listado de Expertos

Recomendado

Profesión militar: Obediencia debida frente a la obligación de disentir

Con ocasión de la realización de estudios en el Instituto Universitario Gutiérrez Mellado tuve la ocasión de leer y analizar una serie de documentos de opinión que trataban en profundidad las diferentes facetas presentes en el campo de las relaciones cívico-militares; temas que , habitualmente, no han estado presentes en los diferentes cursos y actividades formativas en la enseñanza militar, ni, por supuesto, en la civil.

El paracaidista español que humilló a los «temibles» espías soviéticos

Joaquín Madolell, natural de Melilla y militar del Ejército del Aire, desarticuló la mayor red del espionaje...

El amor de Macarena Olona por la Guardia Civil empieza por su pareja, un joven oficial condecorado

El padre de su hijo llegó a la Benemérita como militar de carrera y, los que le...

Últimas noticias

Espías del imperio, de Fernando Martínez Laínez

Una de las secuelas de la Leyenda Negra antiespañola es la desdeñosa opinión sobre la actuación de los...

Los orígenes de la M-30: curiosidades de la autopista que salvó a Madrid del ‘reventón’

Recordamos la historia de la carretera de circunvalación que recorre la capital, ¿cómo ha ido evolucionando a lo largo de los años?

Pandemic is pushing robots into retail at unprecedented pace

A new survey illustrates broad acceptance for robots in retail, including these crucial tasks. One of the striking trends...

¿Comprar un coche en 2022? Solo podrás hacerlo si tiene un ‘certificado antihackers’

La tecnología más puntera de nuestros vehículos está pensada para facilitarnos la vida, pero los ciberdelincuentes han encontrado una serie de debilidades...

Las tarjetas Visa tienen un fallo de seguridad que permite realizar pagos sin PIN superando el límite

Un atacante sólo necesitaría colocar un teléfono con NFC junto al terminal y otro junto a la tarjeta para realizar un pago...