martes, 9 agosto 2022
Visitas totales a la web: 87774632

El portal de los profesionales de seguridad y emergencias

Nº 1 del mundo en español en seguridad global

Soluciones de seguridad global

Remote Workers Admit Lack of Security Training

Dan Raywood

A third of remote working employees have not received security training in the last six months.

According to a survey by NinjaRMM of 400 remote workers in the UK across multiple industries, while 83% have had access to security best practice training and 88% are familiar with IT security policies, 32% have received no security training in the last six months.

Also, 50% spend two or more hours a week on IT issues, and 42% felt they had to go around the security policies of their organization to do their job.

According to Lewis Huynh, CSO at NinjaRMM, as COVID-19 introduced a seismic change to how security and IT operations are conducted at most businesses, “IT teams have been stretched thin to maintain normal operations and that means things like security training may have taken a lower priority.” He claimed that this is a mistake, as remote work has introduced more threats, not less.

“Ultimately, the decision to deploy security training to staff comes down to leadership, and if there’s one thing we learned from this report it’s that leaders should be doing more to prioritize basic security hygiene,” he said.

Commenting, Tim Mackey, principal security strategist at Synopsys CyRC, said for some organizations, security training is an annual affair that aligns with other compliance training.

“The worrying statistic is the 32% who state their last training was over a year ago, or that it’s not yet happened,” he said. “It is however quite important to recognize that for many businesses the pandemic has required reassessments of spending priorities, with the potential that, for some, training programs of all forms might be viewed as luxuries.”

Regarding the statistic that 42% of respondents said they have to go around the security policies of their organization to do their job, Infosecurity asked if this shows a poor engagement with the workforce, and what could security and the business be doing better?

Huynh said: “Looking at the reasons why employees are breaking the rules can help explain some of this. The top three reasons given for why they broke the rules were that personal accounts were more convenient, the IT department was too slow to respond to their needs and the security policies were too restrictive on their productivity. So, we’re seeing friction between staff and IT that suggests a breakdown in processes is occurring.”

Javvad Malik, security awareness advocate at KnowBe4, agreed that this shows poor engagement or forming of policies, without understanding the users’ needs. “Policies should not be set in stone,” Malik said. “What was a workable policy a few years ago, may not be fit for purpose today. Security departments should regularly engage with the business units of users who are subjected to the policies in order to find out any pain points and work collaboratively with them to find efficient ways of working as opposed to being the ‘department of no.’”

Elsewhere, the report claimed remote working had caused a 39% increase in the use of cloud services, and a 35% increase in the number of devices, while 75% of those polled said their IT security policy covers unapproved software, hardware and cloud services on work devices.

Malik said while it is good to have awareness of policies, it does not mean much if people do not care about them or, as the report states, if 42% are going around the policies, it does not matter if they are aware. “So, organizations should not just make their employees aware of the security policies, but encourage feedback and understand the effectiveness of policies and tweak where necessary.”

Huynh said the statistic that 88% are familiar with IT security policies was “one positive finding from the report as it suggests that security teams have done a good job at making security policies accessible and understandable.”

He added that policies should also cover the use of unapproved software and hardware, which, from this report, we learned that not every policy does. These seemingly small actions are important as the rapid shift to remote work has introduced new risks that require frequent training and continuous improvement of the security policies in place.

Fecha de publicacióndiciembre 01, 2020

BELT.ES no se hace responsable de las opiniones de los artículos reproducidos en nuestra Revista de Prensa, ni hace necesariamente suyas las opiniones y criterios expresados. La difusión de la información reproducida se realiza sin fines comerciales. 

Listado de Expertos

Recomendado

Profesión militar: Obediencia debida frente a la obligación de disentir

Con ocasión de la realización de estudios en el Instituto Universitario Gutiérrez Mellado tuve la ocasión de leer y analizar una serie de documentos de opinión que trataban en profundidad las diferentes facetas presentes en el campo de las relaciones cívico-militares; temas que , habitualmente, no han estado presentes en los diferentes cursos y actividades formativas en la enseñanza militar, ni, por supuesto, en la civil.

El amor de Macarena Olona por la Guardia Civil empieza por su pareja, un joven oficial condecorado

El padre de su hijo llegó a la Benemérita como militar de carrera y, los que le...

La artillería ‘made in USA’ comprada por Marruecos que deja fuera de juego a España

El país magrebí sigue reforzando sus fuerzas armadas a golpe de talonario, y no lo hace de...

Últimas noticias

La exigencia de ser alumno en la Academia de Artillería

El Colegio de Artillería del Alcázar fue designado como tal centro formativo el 29 de enero de...

El impresionante y olvidado resurgir de España con Felipe V

Desperta Ferro edita en castellano la obra de referencia del hispanista Christopher Storrs, donde prueba que la Monarquía Hispánica reivindicó un lugar...

Los 30 años del Samur: de «cinco o seis sanitarios» a «salvar 25.000 vidas»

"Quisimos que las Urgencias llegaran al ciudadano", dice Javier Quiroga, uno de los impulsores de este servicio que nació en 1992.

París 2024 no tendrá fútbol en Saint-Denis tras el escándalo de la final de la Champions League

El escándalo antes del Liverpool - Real Madrid supuso que la organización de los Juegos Olímpicos tome medidas. El atletismo sigue previsto...

Emperadores de HISPANIA

Trajano, Adriano. Marco Aurelio y Teodosio en la forja del Imperio Romano "Es una tierra bendecida": el poder de...