ESET Security Day: Business Survey Review

Next story

Image

We held our first Security Day on Friday 27th February and it was a great success. We had some brilliant feedback and during the event we ran a few surveys. Mark James, ESET security specialist and speaker at the event, takes us through the results.


The first survey looked at Business Security and the delegates’ company security policies varied. The sample size wasn’t huge so we won’t be drawing concrete conclusions: merely educated speculation and insights.


How would you describe your company security policy?


  • 44% described their policy as “Strict”
  • 33% described it as “Strict in places”
  • 22% said it was “Lenient”
  • 0% of delegates had a “Non-existent” policy


“As with most security professionals they often tend to err on the side of caution when it comes to direct questions about security, but even looking at the above stats security is not as tight as it should be.”

“This clearly shows the need for tighter controls on policies, they don’t need to be difficult and with ESET remote administrator can be managed easily from a central location.”

At least the majority have a strict policy and even strict in places is better than nothing: although it depends where those strict bits are and where the more lenient policies are.


How concerned are you by substantial corporate breaches?


  • 67% were “Seriously concerned”
  • 33% “Moderately concerned”
  • 0% “Mildly concerned”
  • 0% “Not concerned”


“And so people should be. It’s almost a daily occurrence that data is lost or stolen from the very people we charge to keep it safe. Whilst I fully appreciate it’s not always easy on the same note it’s not always a priority where it should be every single time.”

I’ve often heard Mark say that a day is truly newsworthy if there isn’t a huge corporate breach involving millions of customer’s details. A bit extreme, although I can’t help but agree: large breaches have become far too common and are shrugged off far too easily.


In regard to digital security, which is the most important to you?


  • 67% said “User education”
  • 17% said “Advanced software” (encryption, 2FA etc.)
  • 8% said “Cost”
  • 8% said “Enforcing a policy”
  • 0% said “Software”


“Education has always been my most used word. It’s good to see that a lot of others see this as the single most important aspect in keeping our data safe.”

User education really has been the common thread throughout the blog. The lack of it is a big part of the problem and more of it is a huge part of the solution.

It’s interesting that software got 0% of the vote and that encryption and 2FA came second. Depending on whom you ask in a company you’ll get a different answer and perspective but hopefully user education will always top the chart.


How do you go about educating your staff about safe computer use?


  • 33% said that it was “Not provided”
  • 25% used “Email”
  • 25% made use of “Regular scheduled training”
  • 17% provided “Training as needed”
  • 0% used third-party “Courses”


“That’s a low percentage for actual training, for something we all agree is very important there’s very little actually being done about it.”

Emails can be easily ignored or glossed over if they aren’t directly relevant to your working day and around a third had no training at all. It certainly is a conundrum.

Considering that user education came top of the board in the previous survey it’s an interesting turn around. To me it says “yes education is crucial, but we won’t try that hard to foster it.”


Join the ESET UK LinkedIn Group and stay up to date with the blog. Videos from the event will also be posted there shortly, join now if you want to be notified.

How would you respond to the featured surveys?