Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
A company's employees are its best defence against security threats, and should be empowered and educated about technology risks, according to a new report from PricewaterhouseCoopers (PwC).
The consulting firm said in its Protecting your Business report (PDF) that organisations are too complacent about security, and assume that they will not be affected.
This lax attitude filters down to workers, who then believe that security is "someone else's problem".
PwC argued that companies should make staff more aware of the security risks, and educate them on how to defend against attacks.
"The goal is that all those working for an organisation are alert to the risks, will want to act to protect information and will be actively supported in doing so," said Craig Lunnon, senior manager of HR services at PwC.
"As the first line of defence, security-aware employees are often best placed to identify a potential breach or weak link. Equally, they can prevent and reduce the impact of incidents when they do occur."
This approach is preferable to increased technology investments, according to Lunnon, as technology can muddle the security landscape and create more problems than it solves.
Only by assessing employee behaviour, and improving their security awareness, will enterprises be able to invest in effective technology, he added.
Security investments will otherwise be fragmented, or create convoluted systems that staff will often bypass in favour of doing their jobs.
PwC also advised organisations to persuade staff to defend against, rather than cause, security threats, and to ensure that they are aware of their own responsibilities.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.