IT security training in SMEs fails on the most important topics

Although human error is the biggest IT security concern for around a third (32%) of Swiss SMEs, employee training at these companies does not cover some of the most common security-related topics. This means that there is an alarming discrepancy between the real threat situation and employees' risk awareness. This is the conclusion of a study conducted by Sharp among more than 500 IT decision-makers and procurement managers from SMEs in various sectors in Switzerland.

Human error remains one of the biggest cybersecurity risks for SMEs. (Image: www.pixabay.com)

According to the decision-makers surveyed, employees who are insufficiently informed about IT security are the fourth biggest risk factor (32%) for their companies. The Swiss are thus at least slightly more confident than the Germans and Austrians, who both cite untrained employees as the second biggest risk factor. Unprotected networks (37%), targeted attacks (34%) and inadequate protective measures (33%) weigh more heavily for the Swiss.

The basics of IT security? - No answer

Despite concerns about human error and the importance placed on comprehensive security training, the study shows that SMEs do not adequately address some of the most important topics in their employee training. For example, threats such as viruses and phishing are largely not discussed in the companies surveyed. The same applies to data loss and attacks that occur due to weak passwords - although up to a third of Swiss SMEs are affected by precisely these issues.

Only around a third of security training courses deal with password security (31%), downloading files (29%), secure handling of data (33%), network security (35%) or the basics of logging in and out (32%). It is also worrying that, despite an increase in hybrid working models with a correspondingly more complex cyber threat situation, only just under half (42%) of Swiss SMEs have adapted their security training accordingly. Hybrid working plays any role in training at all at only 29% of the companies surveyed.

Creating awareness at all levels

"Cybersecurity is not just a technological challenge, the human factor is also crucial. Companies must have the necessary technologies in place to protect themselves against attacks, such as firewalls and antivirus software. But they also need to create a culture that takes IT security seriously and defines it as a task for every employee, not just for IT managers and the management team," comments François Muller, COO of Sharp Electronics Schweiz AG, on the results of the survey.

"If training on everyday topics such as changing passwords, recognizing phishing emails and downloading files is not carried out continuously, this can become a real IT security risk. The increase in AI-powered phishing attacks in particular also means that more companies are vulnerable to attacks than ever before. As a result, Swiss SMEs need to educate their employees to be more vigilant and deal with these new threats in a sensible way, as gaps in knowledge can result in significant costs."

Source: www.sharp.ch 
