In an era where data is digital and business is conducted online, cyber-attacks are potentially the greatest threat to any modern business and the consequences from loss of data can be particularly devastating.
Many companies spend thousands or even tens of thousands (though many more don’t) on the digital equivalent of ten-foot security fences; including biometrics, firewalls, antivirus scanners and encryption, but fail where it matters most; human error. Paradoxically advanced security software can often lead to a lax attitude towards security among staff, but as the old maxim goes, “security is only as strong as its weakest link.”
Research from Data Defender shows that an alarming proportion of UK businesses protect vital data by setting passwords as the company name or simply as ‘password’; leaving them vulnerable to attack. Industry is also increasingly under threat from phishing and viruses sent by email, but staff are seldom trained about the inherent risks. The proliferation of smart phones and tablet computers coupled with an increase in flexible working hours mean more and more external devices are plugged in to corporate networks, with many staff and even IT specialists unaware of the inherent dangers that these devices bring.
In fact, a recent survey of 700 UK workers revealed that 64% of them had received no training on IT security issues, including prevention of malware and loss of sensitive data. While many staff are conscience of the role they play in protecting a company, a significant minority are oblivious, or worse, ambivalent about the dangers.
Graeme Batsman from Data Defender is a leading authority on data protection who has seen rapid changes in the way business is conducted, but also a business culture which is struggling to keep up: “A large proportion of workers do not see data security as an issue while others view it only as a problem for the IT department and technical staff. With the use of advanced hardware and software now ubiquitous and access to company data at our fingertips, we must all take responsibility for protecting our digital lives. There are many simple, cost effective measures that companies can take to improve security, without in-depth technical knowledge. Often what is required is the right training and a change of mind-set. Many people assume that IT and technical issues are beyond them, but that needn’t be the case.”.