UK companies are increasingly aware of the importance of information security policies, but such policies are being widely ignored by staff, new research claims.

The 2008 Information Security Breaches Survey carried out by PricewaterhouseCoopers warned that tightening information security means changing people's behaviour.

The survey, which was carried out on behalf of the Department for Business, Enterprise & Regulatory Reform, found that seven out of eight large businesses claim to have IT security polices.

The results suggest that companies are placing greater trust in their staff, and want employees to use technology to improve their effectiveness.

For example, 54 per cent of UK companies now allow staff to access their systems remotely (up from 36 per cent in 2006) and every large business gives remote access to at least some staff.

The proportion of businesses restricting internet access to some staff has nearly halved (from 42 per cent to 24 per cent), and only nine per cent give no staff access to the internet.

At the same time, the survey showed that staff are increasingly targeted by social engineering attacks in which outsiders try to obtain confidential information from employees.

Businesses are also becoming increasingly concerned about what is being said about them on social networking sites, and some staff have posted confidential information on these sites.

However, the report warned that technology controls alone are not enough. Key to making sure that staff remain the organisation's greatest asset is to ensure that they behave in a security-conscious way.

Companies are increasingly focused on setting clear policies, making staff aware of the policies and monitoring behaviour to ensure that it is in line with those policies.

Chris Potter, a partner at PricewaterhouseCoopers, said: "Having a security policy alone does not magically improve security awareness among staff. The overwhelming majority of companies take steps to raise awareness.

"The priority given by senior management makes a difference in the extent to which security awareness is drilled into all areas of the organisation.

"Only one in five companies for which security is not a priority at all takes any steps to raise the security awareness of their staff.

"What companies are realising is that increasing security awareness is only part of the answer; the critical issue is changing the behaviour of their people."

Permalink  Comments  Forward  Print
digg   del.icio.us   reddit!

related content
Facebook
Ecommerce
BulletFacebook blunder exposes private photos
Incident highlights importance of securing social networking sites  27 Mar 2008
Digital information
Enterprise Security Technology
BulletInformation protection and control takes off
Data loss prevention and encryption technologies merged into next-gen security offerings  26 Mar 2008
VoIP phone
Telecoms
BulletUS firms hang up on VoIP security
Not enough being done to secure VoIP beyond the Lan  26 Mar 2008
Credit card
Enterprise Security Technology
BulletStolen credit card portal uncovered
Organised trading floor offers guarantees and volume discounts  26 Mar 2008
a padlock
Enterprise Security Technology
BulletUpdated: IT security survey opens Infosec
Firms could do more to improve security, according to survey on IT breaches  22 Apr 2008
Enterprise Security Technology
BulletSecurity professionals aim to end data breaches
Increasing sensitivity about corporate repuations is spurring actions on leaks  25 Apr 2008
BulletUntrained users highlighted as security risks
Users given greater IT freedoms, but not security training  28 Mar 2008
infosec logo
Enterprise Security Technology
BulletInfosecurity Europe show to focus on data breaches
Annual trade show will see the launch of the annual Information Security Breaches Survey  17 Apr 2008
Picture of a data thief
Enterprise Security Technology
BulletReview 2007: IT security and e-crime
Computing's review of the year looks back at the top IT security and cybercrime stories  20 Dec 2007
latest news
Solar panels
Renewables
BulletSolar industry slams "patently false" claims of century-long pay back periods
Report claiming solar panels take over 100 years to recoup their value is just plain wrong, say manufacturers  05 Sep 2008
Honda hybrid
Transport
BulletHonda escalates hybrid price war
New hybrid hatchback designed to make dual-drive vehicles more affordable  05 Sep 2008
John McCain
Climate Change
BulletMcCain attacks Obama over opposition to nuclear power and oil drilling
Republican attempts to highlight differences over energy policy as both candidates pledge to deliver US energy independence  05 Sep 2008
Click here for more More news
latest in-depth
US View logo
Analysis
BulletTaking Green Initiatives to the Next Level
Once your company has gathered up all the low-hanging fruit, what comes next? Sarah Fister Gale finds that the answer lies in everything from multi-million dollar energy efficiency programmes to printers powered by exercise bikes  03 Sep 2008
Airship
Analysis
BulletAirships float back to the future
Slow journey times mean airships are highly unlikely to replace passenger jets, but, as Danny Bradbury discovers, a flotilla of new companies are convinced that low-fuel costs mean the old-fashioned aircraft could have huge appeal to freight operators  02 Sep 2008
Oil refinery
Analysis
BulletShell slammed over "puzzling" tar sands claims
Recent claims from the oil giant's chief executive suggesting tar sand extraction is required to slow the shift to coal may have caught the eye, but as BusinessGreen.com discovers they do not make much sense  28 Aug 2008
Click here for more More in-depth
what do you think?
Click here for more Post your comment
Click here for more Send an email to the Business Green editor at feedback@businessgreen.com
Reader comments for this story
Post your comment Post your comment   What is this?