Andrew Miller, director at PwC said: “One of the key things that we found with our survey is organisations that have security policies set [in place] and actually make their staff aware of these and engrain them into the behaviour of the organisation experience a third less in terms of breaches.
“It is always best to establish what the company’s expectations are to get staff to buy into the culture and put into practice these actions.”
Indeed, according to the PwC Data breaches report, 81 per cent of organisations that had been victims of cyber attack claimed there had been an element of staff involvement which stemmed from unauthorised access to systems or data, breaches in data protection laws or the accidental loss of confidential information.
According to Nick Gibbons, educating the staff on the importance of keeping cyber details safe and secure can have a dramatic impact on the company’s ability to keep its network safe from cyber attack.
He said: “Employees need to know and understand their role in maintaining cyber security. Written data protection, computer, interest and social media policies and staff training dealing with issues such as remote working, strong passwords, clean desks and social engineering are essential and relatively inexpensive. “
Vincent Geake, Cyber and Technology expert at Deloitte UK, agrees that educating staff and ensuring responsible behaviour in the working environment is crucial to the long-term protection of the business.
He said: “It’s not good enough to simply spend more money on security; it’s also about making sure that you do it in the most effective way. If everybody knows that senior bosses think that cyber security is important to every day work and in making business decisions then employees will be more aware of security.
“Everybody these days needs to have an understanding of the type of attacks that a business can be threatened by, and that they can get involved at a really high level. Many attacks involve insiders, not maliciously – but employees can make mistakes that assist attacks.”
In our next instalment of our cyber security series, we take a look at what sort of investment is needed to defend your business…