'Canadian businesses are failing to provide employees with enough education on cyber threats, best practices'
It seems Canadian employees are not placing enough importance on keeping their work data secure, according to a recent report.
Just over a third (34 per cent) of employees express little-to-no concern about data theft at work, and 16 per cent believe they can't be targeted at all by cyber criminals, finds Terranova Security.
And there is still confusion among employees over who is ultimately responsible for protecting company data, finds the survey of 1,000 Canadian employees. More than three-quarters (77 per cent) of Canadian employees believe it's the IT department's responsibility to protect company data, while just 54 per cent believe they play an essential role.
"The research shows that there's some work to do on educating people about the important role they play in protecting data at work, but the responsibility doesn't just fall on them," says Theo Zafirakos, chief information security officer, Terranova Security.
This comes at a time when the danger from a breach is at an all-time high. According to the Canadian Anti-Fraud Centre (CAFC), Canadians lost an estimated total of CAD $230 million to fraud in 2021, of which CAD $100 million was associated with online fraud.
But workers are willing to learn. Nearly eight in 10 (78 per cent) of them believe cyber security training is interesting, and 56 per cent have started or completed the training when it's offered to them.
However, Canadian businesses are failing to provide employees with enough education on common cyber threats and security best practices.
Only 40 per cent of employees say they work in a company where cyber security awareness training is mandatory. Another 44 per cent haven't participated in any cyber security training, and 33 per cent indicate that their company doesn't offer any relevant training at all.
“It's clear that security awareness training fell by the wayside for many Canadian businesses, even though cyber crime is rising, and that's a concern,” says Zafirakos. “But employees also have an appetite for learning more about it. These people are the first line of defense against any cyber attack.
“By investing more in education and building a culture around data security within the business, companies will set up a powerful barrier against any cyber threats.”
Employers may find it hard to assign dollar values to the return on investment (ROI) of security awareness training, since that means measuring the effects of something that didn’t happen, admits Anthony Haggerty, security engineer at EO Johnson Business Technologies. However, it’s pretty much a requirement these days.
“Proactive security education and awareness training is like an insurance policy in the way it limits future potential damages. With today’s threat landscape, a cyberattack is practically a given, so security training is an insurance policy that isn’t optional,” he says.
“An effective security awareness program can greatly decrease the impact of cyber-attacks on your bottom line and bring you a significant return on your investment,” he says, and this applies to companies of all sizes.
“For small and midsize businesses especially, avoiding an attack could be a matter of survival. But even for larger organizations that may be able to absorb some of the cost, not having to divert budgets to deal with security incidents means more money available for growing their business.”