Inadequate IT security policies are widespread in UK companies
- Published: Wednesday, 31 January 2018 08:48
A study by OneLogin has found weaknesses in the UK policies of many UK companies. The study, which surveyed more than 600 UK-based IT decision-makers, with influence over their business’s IT security, highlighted a disparity between Internet access and security policies. For example, nearly a third (29 percent) of businesses neglect to monitor their employees’ use of high-risk websites on the corporate network, providing employees with unrestricted Internet access, and potentially impacting the security of sensitive business data.
When it comes to the preventative measures used to monitor external threat vectors, over a third (36 percent) don’t invest in security education for their employees and less than two-thirds (62 percent) conduct phishing assessments. In addition to this, three quarters (75 percent) don’t use cloud access security brokers and two-thirds (69 percent) don’t use single-sign-on services. Organizations appear to be taking the risky approach of simply relying on employees to use their common sense when it comes to cybersecurity, leaving valuable corporate data easily accessible to cybercriminals looking for the easiest way into the corporate network.
“With an influx of employees now choosing to work remotely from personal devices, many remain unaware of security threats and often access the Internet forgetting they’re still connected to the corporate network. Therefore, organizations simply cannot afford to rely on employees to know the impact of their personal habits on corporate cyber security, meaning proactive steps must be taken. Emphasis must be placed on IT and security training for employees to understand the need to avoid high-risk websites to preserve corporate integrity,” said Alvaro Hoyos, chief information security officer at OneLogin.