- Nearly half (47%) of employees don't formally acknowledge their employer's cybersecurity policy, according to a report from consulting firm Clutch. In a survey of 1,000 full-time employees, workers said they most frequently interact with company security policies via password update notices (67%), internet-use controls and permission prompts.
- Key findings in the report reveal that password protection is employees' most common IT security behavior (76%), yet the majority of respondents (82%) use what Clutch calls "the simplest approach" to password protection by regularly updating their passwords instead of opting for more complex methods. Fewer than half (41%) of employees in the survey used multi-factor authentication (MFA), for example.
- The majority of respondents have reported security incidents (60%), but this contingent is slightly larger than the percentage of employees that had completed security training (59%). Most of the employees in the survey who had received training (52%) said the training occurs only once per year.
The existence of a policy doesn't necessarily mean that employees are abiding by it. That's something to keep in mind when implementing company-wide communications and training around IT security, which is especially relevant now given the frequency of high-profile breaches. Unsuspecting workers can easily be duped by hackers and cyber scams.
Although employees are more likely to change their passwords than engage in other cybersecurity practices, the important metric here is frequency. Updates and reminders might not offer enough protection from breaches; some organizations, fed up with the vulnerabilities of traditional passwords, have even turned to biometrics.
Employees are often on the front line of attacks by hackers, so it's crucial that they not only get policy training, but that they also understand and can easily follow security procedures. A Harvard Business Review report recommends that policies be kept simple and user-friendly for employees. HR can team up with IT to draft workable policies to protect employees and their organizations.