Industry watch Toolkit

IT security training 'inadequate'

Graham Hayday Silicon.com

Published: 08 Nov 2002 12:22 GMT

IT security training is woefully inadequate in the majority of UK companies, according to a survey.

Results from a SurfControl/NOP survey shows that 73 percent of organisations from the UK's largest employment sectors do not have proper training programmes in place.

Almost three quarters of workers admit that they have never received any training from their employer on how to use the internet and email at work to minimise network security problems.

More than 80 per cent of employees said they were concerned about the risks posed to the network by viruses. However, they are seemingly ill-equipped to identify and deal with potential threats, such as avoiding the temptation to open dubiously titled email attachments, according to the survey.

Steve Purdham, chief executive of SurfControl, said: "Our findings should be of major concern. How can staff be judged as guilty for propagating virus loaded email attachments when they know no better?"

"We firmly believe that IT security training needs to be initiated on two levels led jointly by the IT and HR departments. First of all with new joiners as part of a standard induction plan and then re-introduced to employees every six months to keep them updated. Companies really need to understand that all Internet content that enters, circulates and leaves the building carries a risk and that better understanding at the workforce level is an excellent front line defence," Purdham said.

NOP World surveyed 100 workers from the civil service, accountancy, legal, financial services, retail and manufacturing sectors.

For a round-up of the latest tech business coverage, see the Business News Section.

Have your say instantly, and see what others have said. Go to the ZDNet news forum.

Let the editors know what you think in the Mailroom.