How careful are employees when it comes to IT security?
Apparently, most aren't careful, at all. What's more, most aren't really concerned whether or not IT policies are followed.
Take a look at these survey results. IT security expert Avira polled nearly 1,000 of its users in September and found that:
Only 38.95 percent of those participating in the study said they adhere to security policies designed to protect their company.
About the same amount (35.42 percent) admitted there are security policies in place at their business, but that they didn't feel that anyone really cared whether those policies were followed or not.
The remaining 25.63 percent said they see security as a system administrator's responsibility and not an employee concern.
As I have reported before, cybercrime is becoming increasingly common and increasingly expensive. Earlier this year, a study found the average time to resolve a cyberattack is 18 days, with an average cost to participating organizations of nearly $416,000. (For more information, see earlier posts about the risks of cyberattacks.)
Clearly, IT security is significant and growing concern, and companies need to focus more on security intelligence and risk management solutions designed to mitigate the costs of cyberattacks.
"When we see that less than 40 percent of workers take IT security seriously while at work, we know there is more to be done when it comes to educating people about IT security," said Sorin Mustaca, Data Security expert at Avira. "Employees need to know that security goes beyond just having an antivirus program installed. In the last few years we have seen increasing software exploits used as attack vectors for performing malicious actions. It is critical to keep all installed software updated: starting from patches for the operating system to web browsers, mail clients, office productivity suites, and of course antivirus software."