Almost a third of UK organizations have sacked an employee as a result of data breach negligence, according to new research from Shred-it’s Security Tracker report.
The firm carried out a survey of three sample groups – 1000 small business owners, 1000 C-suite execs of large organizations and 1100 consumers/employees to expose security risks currently threatening UK companies.
A key finding was that businesses recognize employee negligence as playing a major or moderate role in data security breaches, but that a significant percentage are failing to take action with robust information security training programs.
Only just over half (55%) of the large organizations surveyed had trained their workers on public Wi-Fi use, whilst almost a third had failed to provide training on spotting fraudulent emails. Smaller businesses faired a lot worse, with just 46% of them offering necessary key training; only 27% had provided public Wi-Fi training and a third offered fraudulent email training.
“It might feel like rough justice for employees to be held to account when training is not comprehensive, but it reflects how difficult this process is, even for businesses with extensive resources,” said Neil Percy, vice-president market development and integration EMEA, Shred-it.
“There may also be an assumption that some elements are common sense, but that potentially belies how easy it is to be duped by skilled phishers and hackers, or even to lose confidential info during the course of a busy day. Mindfulness is key and training helps.”