88% of employees have no clue about their organization's IT security policies

Building a slide deck, pitch, or presentation? Here are the big takeaways:

12% of employees claim to be fully aware of their organization’s IT security policies and rules. — Kaspersky Lab, 2018
24% of employees said they believe their organization does not have any established security policies. — Kaspersky Lab, 2018

Though cyberthreats grow more sophisticated by the day, the vast majority of employees are not aware of their organization’s information security policies and rules that are in place to keep them safe, according to a new survey from Kaspersky Lab. While 49% of employees surveyed said they consider protection from cyberthreats a shared responsibility in their company, only 12% said they were fully aware of their company’s IT security policies, Kaspersky Lab found.

These results highlight the fact that employees remain a top security risk factor within organizations, as they are responsible for 46% of IT security incidents each year, according to a past Kaspersky Lab survey. However, employees are also the key to strengthening an organization’s security posture, as noted by our sister site ZDNet, and enterprises must have strong awareness campaigns in place to remain cybersecure.

Of the nearly 8,000 full-time employees surveyed, 24% said they believed their organization did not have any established IT security policies.

SEE: Incident response policy (Tech Pro Research)

This lack of awareness is of particular concern for SMBs, who often lack dedicated IT security teams, and share cybersecurity responsibilities among IT and non-IT workers, Kaspersky Lab noted in the report. SMBs tend to be most vulnerable to threats such as ransomware, since they lack the staff and financial resources to secure their IT infrastructure.

Employees most at risk tend to be executives, HR leaders, and finance specialists, who tend to have access to their company’s critical data, according to the report. If the most basic cyber hygiene practices–such as changing passwords or installing updates–are not followed by all employees, it could potentially put the entire organization in danger of a breach.

“The issue of unaware staff can be a major challenge to overcome, especially for smaller businesses where a cybersecurity culture is still being developed,” Vladimir Zapolyansky, head of SMB business at Kaspersky Lab, said in a press release. “Not only can employees themselves fall victim to cyberthreats, but they are also obliged to guard their company from those threats in the first place. In this regard, businesses should be educating staff and introducing easy-to-use–but still powerful–security solutions that make managing protection achievable for those who are not experts in IT security.”

For more tips on how to keep employees cybersecure, click here.

TechRepublic Premium editorial calendar: IT policies, checklists, toolkits and research for download

TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.

Payroll

The Best Human Resources Payroll Software of 2023

With a lot of choices in the market, we have highlighted the top six HR and payroll software options for 2023.

A computer running Windows 11. — Image: Microsoft.

Software

Windows 11 update brings Bing Chat into the taskbar

Microsoft's latest Windows 11 allows enterprises to control some of these new features, which also include Notepad, iPhone and Android news.

A software engineer works from home. — Image: tanatat/Adobe Stock

CXO

Tech jobs: No rush back to the office for software developers as salaries reach $180,000

Salaries for remote roles in software development were higher than location-bound jobs in 2022, Hired finds.

Project management process to manage and develop with resources to deliver quality product, agile development cycle, businessman project manager balance on clock juggling project management elements. — Image: Nuthawut/Adobe Stock

Software

The 10 best agile project management software for 2023

With so many agile project management software tools available, it can be overwhelming to find the best fit for you. We've compiled a list of 10 tools you can use to take advantage of agile within your organization.

A user typing a password. — Image: Song_about_summer/Adobe Stock

Security

1Password is looking to a password-free future. Here’s why

With phishing-based credentials theft on the rise, 1Password CPO Steve Won explains why the endgame is to 'eliminate’ passwords entirely.

PURPOSE This policy describes the organization’s employee privacy guidelines and outlines employee privacy expectations. From the policy: POLICY DETAILS The organization’s IT equipment, services and systems are intended for business use only. However, the organization acknowledges that staff, consultants and volunteers occasionally require opportunities to make or receive personal phone calls, access personal email, utilize ...

PURPOSE The purpose of this Security Response Policy from TechRepublic Premium is to outline the security incident response processes which must be followed. This policy will assist to identify and resolve information security incidents quickly and effectively, thus minimizing their business impact and reducing the risk of similar incidents recurring. It includes requirements for both ...

PURPOSE This policy from TechRepublic Premium provides guidelines for reliable and secure backups of end user data. It outlines the responsibilities of IT departments and employees to identify tasks and action items for each group. The policy can be customized to fit the needs of your organization. From the policy: IT STAFF RESPONSIBILITIES IT staff ...

88% of employees have no clue about their organization’s IT security policies