New research from Sharp has revealed that employee error is considered to be a bigger cybersecurity risk than industry attacks and a lack of security cover, but it might not actually be their fault.
According to the report, key areas like phishing and data loss aren’t covered in IT training for many SMEs.
Sharp also found that cybersecurity progress has not caught on with increasingly popular hybrid working models, leaving yet another vulnerability that needs to be addressed.
Workers need more IT and security training
Sharp asked more than 5,700 European IT buyers from SMEs about cyber training, and found that many training providers don’t discuss virus attacks (25%), phishing (31%), data loss (30%), and password attacks (24%).
It was found that fewer than half of the training material covered passwords (46%), downloading files (46%), connecting to a network (45%), and menial procedures like logging off (44%).
The company also considered the rise in hybrid working, which has been notably present over the past three years and continues to be prevalent. Three in five (60%) SMEs have not increased IT security training since going hybrid, where remote work can pose a bigger risk, and only two in five (41%) small businesses cover hybrid working in their IT training.
Matt Riley, Director of Security at Sharp UK, said: “IT security is as much a people issue as it is a Technology challenge, our team members are ultimately our last line of defence against threats.”
Riley added that businesses “also need to create a security culture and robust training that covers all employees, not just the IT team and senior management.”
Moving forward, it’s clear that businesses not only need to invest more in cybersecurity training, but also address the evolving landscape and challenges.