Australians ahead in the security game

Clearswift  has unveiled new independent global research highlighting the latest victims of Web 2.0 - and it’s largely good news. The Security Awareness Report, released today as a follow-up to its April Web 2.0 in the Workplace study, found almost three quarters (74%) of the 2000 office workers surveyed feel confident that they understand internet policies, the type of policy designed to safeguard data and IT security as well as maintain productivity.

Casual compliance and risk taking in web and email usage are becoming a thing of the past in Australia, with just 1% of organisations having no policy at all - the lowest of the five countries surveyed - versus the 73% that do. The research also shows that Australian employees tend to take more responsibility for understanding their organisation’s policy, with 38% having received training at induction and 36% having discussed internet policy with colleagues in the last six months, both higher than the global average.

However, some results did highlight a gap between perception and reality when it comes to IT security policies, suggesting the need for policy to become more than a ‘watercooler conversation’.

Some confidence in policy compliance seems ill placed given that a third of those surveyed about updated and ongoing IT security policy training since joining their organisation has been largely non-existent. This statistic is particularly disconcerting considering that more than half (54%) of respondents joined more than five years ago - a virtual lifetime in technological terms. It is perhaps not surprising then to learn that almost one in five people fears they may currently be breaching corporate policy, albeit inadvertently.

One in four of those surveyed felt that their company "could be better" at communicating guidelines, with 62% blaming ignorance or a lack of understanding for security breaches, suffered by their organisation. Perhaps this goes to show why one fifth agreed that security policies are more about apportioning blame than protecting data. Interestingly, one in five would ignore policy to get their job done more efficiently.

“It’s time for organisations to get to grips with making a policy a living, breathing part of their operations that is relevant to everyday corporate life - not just a tick in the box when it comes to an induction period,” said Phil Vasic, Director, Asia Pacific at Clearswift. “All too often, a policy is simply a document that is referred to only when something goes wrong - almost proof that someone ‘should have known better’. There is little or no point in having an IT security policy in place unless staff across the business are fully aware of it and, more importantly, understand the reasons why the rules are in place. Policy, not policing, is the answer to ensure confidence is well placed to tackle the challenges of managing Web 2.0 that organisations face.”

Clearswift is calling for email and web security to be brought out of the dark depths of the IT department to drive clarity across the organisation. Having relevant and current security policies in place means that organisations can enable their employees to get on with the jobs that they need to do and aid productivity and innovation.